Hacks and scams have taken a heavy toll on cryptocurrency investors in recent days. One reason why crypto crime has spiked is that cybercriminals have discovered a particularly useful way to conduct exploits: bridges.
As the cryptocurrency world has become more complex, more transactions have come to rely on crypto bridges, protocols that enable two or more blockchains to work and share data with each other much like how physical bridges connect locations. Crypto bridges connect blockchains so users on one network can participate in the activities of another, enabling crypto users to utilize their holdings outside native chains. Crypto enthusiasts employ them to avoid using a centralized exchange to make transactions.
According to research conducted by blockchain analytics firm Chainalysis, breaches on these cross-chain bridges have led to $1.4 billion in losses since the beginning of 2022. The largest single event was the $615 million exploit of Ronin, a bridge supporting the popular non-fungible token game Axie Infinity that allows users to earn money while playing.
In addition, in June 2022, hackers stole approximately $100 million from the crypto bridge Horizon. Even before the hack, the amount of money stolen from bridges had surpassed $1 billion, serving as a stark reminder that just because something is useful, quick, and cheap does not mean it is safe.
The importance of understanding the threat of crypto bridges lies in the fact that they provide a pathway for malicious actors to transfer malicious or stolen assets across networks, making it more difficult for law enforcement and security teams to track and confiscate them.
As a result, protocols can connect more easily and build on one another’s features and use cases.
The growing popularity of DeFi, in which users frequently seek to lend or trade various currencies, has increased the demand for mechanisms to bridge the blockchain gap. More and more investors are looking to jump from one chain to another to earn higher yields or purchase art. Someone with Ether tokens may want to use them to buy NFTs or play games on the blockchain with lower gas or transaction fees than Ethereum, such as Solana.
Typically, crypto bridges transfer tokens from one network to another by wrapping them, which involves the bridge locking the original token in a smart contract and creating an equivalent number of wrapped tokens like WETH for ETH or WBNB for BNB.
Assume you have BTC but want to use it in an Ethereum-based platform. While you have a lot of BTC, the Ethereum and Bitcoin blockchains operate under entirely different rules and protocols. You can access an equivalent amount of ETH by using a crypto bridge.
Cross-chain bridges do not transfer your Bitcoin from the Bitcoin blockchain to the Ethereum blockchain. Instead, the bridge will generate tokens equivalent to your BTC but can be used on the Ethereum blockchain. Smart contracts are designed to keep track of everything you send and receive.
There are two types of bridge hacks: code attacks, which exploit vulnerabilities in smart contracts, and network design attacks, frequently accomplished through social engineering. These hacks are not unique to bridges; rather, they are part of the ongoing challenge of crypto hacking and phishing attacks.
Blockchain bridge hacks are typically designed to release tokens on one blockchain without a corresponding deposit on the other. Below is a summary of how that works in practice:
False deposit events: A crypto bridge will frequently monitor one blockchain for deposit events in order to initiate a transfer to the other. An attacker can take money out of the bridge at the other end if they can create a deposit event without making a real deposit or by making a real deposit, or by depositing with a token that has no value. This took place in the Qubit hack, in which a legacy deposit function in the code allowed for fake bridge contract deposits.
Validator Takeover: On some cross-chain bridges, a group of validators votes on whether or not to approve a specific transfer. If the attacker controls most of these validators, they can approve fraudulent and malicious transfers. This happened during the Ronin Network hack when the attacker took control of five of the bridge’s nine validators.
Fake deposits: Crypto bridges validate a deposit before allowing a transfer to proceed. An attacker can defeat the validation process if they can establish a fake deposit that validates as a real one. In the Wormhole incident, $320 million was stolen by the hacker who took advantage of a weakness in the validation of digital signatures.
FTX, one of the world’s largest cryptocurrency exchanges, and its downfall is a recent example of the real-world implications of crypto. FTX collapsed in a historical event, putting millions of dollars in customer funds at risk. Hackers who stole approximately $477 million in cryptocurrency from the defunct exchange have begun to launder the funds. To conceal the exact origin of the funds, the hackers used a variety of techniques such as Peel chains, Coinjoins, and Bridges. The hacker intended to conceal the receiver and sender of laundered funds, thereby increasing anonymity.
Through money laundering, hackers fund and profit from illegal activities such as narcotics, arms sales, contraband smuggling, bribery, insider trading, embezzlement, and fraud schemes. Let us have a look at how crypto hackers launder funds. There are mainly three stages:
1) Placement: When dirty money is introduced into the financial system, this is referred to as placement. This is frequently accomplished by dividing large sums of cash into smaller sums that can be deposited into a bank account or by buying monetary instruments such as money orders or checks that can be collected and deposited into other locations’ accounts.
2) Layering: The layering phase occurs when the launderer moves the fund via a series of financial transactions to make tracking the original source difficult. Cryptocurrencies can be bought with cash (fiat) or other crypto coins (altcoin). Online crypto trading markets or exchanges vary in their compliance with financial transaction regulations. Legitimate exchanges comply with Anti-Money Laundering (AML) requirements for identity validation and fund sourcing. Other blockchain-based platforms are not as concerned with AML. Most Bitcoin money laundering transactions take place with this vulnerability.
3) Integration: The integration point - the final stage of currency laundering - is the point at which dirty currency can no longer be easily traced back to criminal activity. Even though the currency is no longer directly linked to crime, money launderers still require a way to explain how they obtained it. That explanation is integration. One of the most important opportunities to detect illegal activity occurs during the integration phase when crypto meets fiat. Tracking blockchain transactions that scrutinize blockchain and fiat currency is critical for detecting risk during the transition period.
To protect against theft through crypto bridges, it is important to remain vigilant and follow best practices for security.
Here are some tips for protecting your funds:
Use secure and well-vetted crypto bridges: When choosing a crypto bridge, research and ensure that the bridge has undergone thorough security audits. Check the track record of the bridge and the company behind it, and look for any red flags or warning signs.
Keep your funds in a secure wallet: Keeping your funds in a secure wallet, such as a hardware wallet, can help to prevent theft. Make sure that you use a wallet that is designed for the specific cryptocurrency that you are holding.
Use strong passwords and multi-factor authentication: Whenever possible, use strong passwords and multi-factor authentication to secure your accounts. This can aid in preventing unauthorized access to your funds.
Regularly monitor your transactions: Regularly monitor your transactions to ensure they are being processed correctly. If you notice any unusual activity, take immediate action to protect your funds.
Stay informed about security threats: Stay informed about the latest security threats and be aware of the types of attacks that can occur in crypto bridges. This can help you to identify and respond to potential threats more quickly.
Use decentralization wisely: Crypto bridges can help increase your assets' decentralization, but it is important to use this technology wisely. Consider the risks involved and ensure that you are comfortable with the level of decentralization you use.
Enable notifications: Enable notifications for your crypto bridge transactions so that you are immediately altered if a suspicious transaction occurs. This can help you to respond quickly and prevent theft.
Keep your software up-to-date: Make sure you keep your crypto bridge software up-to-date, as well as any software that you use. This can help to prevent theft by exploiting known vulnerabilities.
Use a reputable exchange: If you are exchanging cryptocurrencies through a crypto bridge, make sure to use a reputable exchange. Look for an exchange with a good reputation, a user-friendly interface, and strong security measures.
Avoid phishing scams: Phishing scams are a common method for stealing cryptocurrency, so it is important to be cautious when clicking on links or entering your private keys online. Always check the URL of the site you visit and ensure it is correct before entering any sensitive information.
In addition, AML regulations play an important role in preventing crypto bridge hacks by helping to detect and prevent the illegal use of cryptocurrencies for illicit activities. These regulations help ensure financial institutions have appropriate AML controls to monitor transactions and identify suspicious activity.
Bridges have the potential to boost DeFi liquidity and encourage blockchain interoperability. Creating secure cross-chain bridges, on the other hand, remains a difficult task in the crypto space. Crypto bridges hacks are all too common, and several Web3 users are apprehensive about using bridges after learning about million-dollar exploits.
Although bridges are an important tool in DeFi, users should exercise caution before entrusting their crypto to these protocols. Crypto bridge providers should implement robust security measures to prevent unauthorized access and protect their users’ funds. AML regulations are one aspect of a multi-layered approach to securing cryptocurrencies and protecting against financial crime. Also, by staying informed and taking precautions, cryptocurrency users can reduce their risk of falling victim to crypto bridge hacks and other types of crypto theft. Bridges are an amazing way to connect individuals, entities, and digital constructs, but they must be sturdy, safe, and secure before being used.