Crypto Bridges Exposed
February 8, 2022 - The crypto world was rocked to the core on February 2, 2022 where a hacker was able to steal more than $323 million in cryptocurrency by exploiting a vulnerability in the Wormhole, a Web3 service that acts as Solana-Ethereum bridge to facilitate inter-blockchain transactions. Bridges play a key role in enabling DeFi services by enabling exchanges of values across different protocols, rules, or processes using wrapped and/or unwrapped tokens.
The haul is the fourth-biggest cryptocurrency theft of all time, according to this roundup from Statista, just behind the $480 million stolen from Mt. Gox in 2014, the $547 million taken from Coincheck in 2018, and the $611 million snatched from Polynetwork last year (this record-setting amount was later returned by the thief).
Wormhole's postmortem indicates that the Wormhole’s backend platform failed to properly validate its guardian accounts, allowing fake deposits to be processed as legitimate deposits, enabling the hacker to mint and withdraw 120,000 ETH coins. Jump Trading, Wormhole’s parent company, has stepped in to prevent chaos across the Solana DeFi landscape by replacing the lost 120k ETH.
Fast forward to Sunday February 6, 2022, Meter.io Passport, another bridge, reported a compromise where $4.3M was taken through a contract vulnerability. Early postmortem indicates that Passport has a feature to automatically wrap and unwrap gas tokens like ETH and BNB for user convenience. However, the contract did not block direct interaction of the wrapped ERC20 tokens for the native gas token and did not properly transfer and verify the correct number of WETH transferred from the callers' address resulting in an unauthorized transfer of 1391 ETH and 2.7 BTC. Details of the exploit movement can be observed on Breadcrumbs.app.
While Zero Friction's Hack and Scam DB identifies these two events as known bridge-targeted compromises in 2022, there were several other bridge-targeted compromises in 2021. For example, Badger DAO and Multi-chain (formerly Anyswap) have incurred collective losses exceeding $121M in 2021. For the Badger DAO incident, Nexus Mutual claimed that its policy does not cover 'front-end attack', thus it is unlikely that the payout will be made to Badger DAO to cover the specific losses. Celsius Network, also got caught in the same event with a loss of approximately $50M, and for its part, decided to cover the loss using its own funds.
In December 2, 2021, according to official Discord news, the decentralized organization Badger DAO was attacked by hackers, and user assets were transferred without authorization. According to the developer's initial inventory of damaged assets, 136,000 bcvxCRV, 64,000 bveCVX, 38 ibBTC/sBTC, 13 bibBTC/sBTC, and 19 DIGG have been lost in this incident.
In July 12, 2021, the cross-chain bridge project Anyswap issued an announcement stating that the newly launched V3 cross-chain liquidity pool was hacked in the early hours of yesterday, with a total loss of 2.39 million USDC and 5.5 million MIM. According to Etherscan, the hacker has sold all MIMs and obtained 548 Million DAI, which means that Anyswap's total loss is more than 7.87 million U.S. dollars. According to the explanation of the reason for the theft in the Anyswap announcement, two v3 router transactions were detected under the V3 router MPC account on the BSC. These two transactions have the same R value signature, and the hacker reversed the private key of this MPC account. At present, the team has fixed the code to avoid using the same R signature.
Ironically, back in January 7, 2022, Vitalik Buterin recently blogged his pessimistic perspective on cross-chain applications and why he did not believe that 'unbacked' bridges are in the best interest of the crypto community. The problem also gets worse when the the bridge extends beyond just two chains, potentially because unbacked assets are being used to back other similarly unbacked assets. In other words, the further away from the native chain, the greater the risk for loss of value of any assets happen to be in place on the bridge or DApps linked to the bridge.
Now, imaging what happens if you move 100 ETH onto a bridge on Solana to get 100 Solana-WETH, and then Ethereum gets 51% attacked. The attacker deposited a bunch of their own ETH into Solana-WETH and then reverted that transaction on the Ethereum side as soon as the Solana side confirmed it. The Solana-WETH contract is now no longer fully backed, and perhaps your 100 Solana-WETH is now only worth 60 ETH. Even if there's a perfect ZK-SNARK-based bridge that fully validates consensus, it's still vulnerable to theft through 51% attacks like this.
The Wormhole event confirmed this view after Jump Trading stepped up to cover the losses.
A good analogy to this issue can be found in the 2008 mortgage crisis, where prior to the collapse, the housing bubble preceding the crisis was financed with mortgage-backed securities (MBSes) and collateralized debt obligations (CDOs), which initially offered higher interest rates (i.e. better returns) than government securities, along with attractive risk ratings from rating agencies. The reality, after postmortem, indicates that two main causes for the collapse were due to:
a) The percentage of lower-quality subprime mortgages originated during a given year rose from the historical 8% or lower range to approximately 20% from 2004 to 2006, with much higher ratios in some parts of the U.S;
b) A high percentage of these subprime mortgages, over 90% in 2006 for example, had an interest rate that increased over time.
What is the moral to this story? Unless the bridge is backed, investors may not be made whole in case of a security incident that results in financial losses. If you must use bridges, what is the best approach? I will leave you the answer from Buterin.
For this reason, it's always safer to hold Ethereum-native assets on Ethereum or Solana-native assets on Solana than it is to hold Ethereum-native assets on Solana or Solana-native assets on Ethereum. And in this context, "Ethereum" refers not just to the base chain, but also any proper L2 that is built on it.