August 16, 2022
August 16, 2022

Understanding Crypto Bridges and $1 Billion in Thefts

Placeholder while article actions load

There’s a reason bridges are more important than an average stretch of road — and why holes in them are more dangerous. As the cryptocurrency world has grown more complex, more and more transactions have come to rely on so-called crypto bridges that enable transactions involving a wide range of tokens. In June, hackers looted about $100 million from crypto bridge Horizon. Even before that hack, money stolen from bridges had exceeded $1 billion, a stark reminder that just because something is useful, fast and cheap doesn’t mean it’s safe. 

1. What’s a crypto bridge?

A platform that allows tokens designed for one blockchain — the digital ledger that records and verifies transactions conducted using that token — to be used on another. Bridges weren’t needed in crypto’s early days. Some 13 years ago, there was only the Bitcoin blockchain. Now, there are thousands of blockchains, each with its own advantages — such as lower transaction fees — and with its own army of applications, ranging from nonfungible token (NFT) marketplaces to decentralized crypto exchanges. The rising interest in DeFi, in which users often seek to lend or trade a variety of currencies, has increased the need for mechanisms to bridge the gulf between blockchains. More and more investors are seeking to jump from one chain to another to earn yields or to buy art. Someone who has Ether tokens may wish to go onto blockchains that have lower “gas,” or transaction fees than Ethereum, like Solana, to purchase NFTs, or to Polygon to play games, for example.  

2. How do crypto bridges work? 

Most often, by using so-called wrapped coins. Those are tokens that are meant to function as a one-to-one representation of the value of other currencies, similar to stablecoins. Just as a stablecoin like Tether pegs the value of a single token at $1, a token of wrapped Ether is worth whatever a single Ether (the currency of the Ethereum blockchain) is worth. Bridges typically use so-called smart contracts to automatically convert a user’s currency into a wrapped token that can be used on a different blockchain. But if the underlying Ether deposited with a bridge is stolen, the wrapped Ether becomes worthless. 

3. How big is the problem with bridges? 

Almost $12 billion is locked on Ethereum bridges, data from Dune Analytics show. On March 23, the Ronin Bridge, which is connected to the popular Axie Infinity online game was attacked, with the hacker stealing 173,600 Ether and 25.5 million USDC tokens in two transactions, for a total take of about $600 million. In February, hackers stole around $300 million from Wormhole, a bridge connecting Ethereum to the Solana blockchain. That same month, the Meter Passport bridge got hacked for several million dollars of crypto. In January, Qubit Finance, a project that enables cross-chain function was hacked. 

4. Why are bridges so vulnerable?

It’s not only hacks. Bridges have proven to be vulnerable to other unique problems. In 2021, the Optics bridge on the Celo network saw its bridge development team effectively lose control of the project. Figuring out what’s gone wrong or who is responsible for the design or operation of a particular bridge can be hard. Developers can be anonymous, and the names of the validators — a handful of computers that secure the bridge’s transactions — may be purposefully kept secret. Many are run by organizations with little security staff — it can take days for an issue to be even discovered. At Ronin, the theft was only discovered six days later.

5. What does this mean for crypto users? 

They need to be aware that security remains a widespread issue. Fortunately for Wormhole users, its sponsor Jump Crypto ended up covering the bridge’s losses. Axie Infinity creator Sky Mavis said it would restart the bridge and reimburse users in late June. But such compensation isn’t guaranteed, and shouldn’t be expected every time. Ethereum co-founder Vitalik Buterin said in January that bridges are insecure, and users need to keep tokens only on blockchains they are native to to stay safe.

• A Bloomberg News article on the spate of hacks at bridges.

• An interview with the president of Jump Trading about the company’s response to a $325 million bridge heist.

• Dune Analytics’ page on bridges.

• Explainers on bridges from Coindesk.com and Coinmarketcap.com.

More stories like this are available on bloomberg.com


Be the first to comment

Leave a Reply

Your email address will not be published.


*