After the collapse of many crypto giants like Celcius and FTX, the worrying rise of DeFi hacks has probably been the year’s second most notable trend. The most prominent of these is the cross-chain bridge hack.
According to a report by crypto data aggregator Token Terminal, cross-chain bridges are the victim of 50% of DeFi exploits. Over the course of two years, approximately $2.5 billion has been stolen by hackers by exploiting their unique vulnerabilities. The amount lost is eye-watering compared to DeFi lending hacks ($718 million) and DEX hacks ($362 million) over the same period.
In the first half of 2022, thefts exploiting cross-chain bridges increased by 58% when compared to the same period in 2021.
There have been multiple prominent bridge hacks this year. In August, Nomad was hacked for approximately $200 million after developers made changes to its smart contracts. As a result, hackers were able to create false crypto transactions to unload funds from its reserves. A month before, 50k wallets were affected by an attack on the cross-chain Harmony Horizon bridge. The hackers left with $100 million in funds.
Allowing Blockchains To Communicate
Cross-chain bridges enable blockchains to talk to one another. They were designed to meet the increasing demand to transfer assets between them without a central authority. They fix a core problem with blockchains: it is hard for them to work together and communicate. In most respects, blockchains are closed spaces. Cross-chain bridges help open them up and increase liquidity.
These bridges serve as a kind of “neutral zone” that doesn’t belong to either of the blockchains that it enables communication for. They can be useful if, for example, you want to buy an Ethereum NFT with your bitcoin and don’t want to use an exchange.
2022 was the breakout year for interchain use. The increase in cross-chain bridge hacks has increased as users expect blockchains to be more interoperable. As bridges are relatively new and less battle-hardened, hackers have increasingly turned to them for an easy payday. As with all technology, it is common for infrastructure to lag behind adoption.
Bridges Are Becoming Safer
Most bridges are a form of federated multisigs, meaning they require multiple signatures to approve a transaction. According to Sergey Gorbunov, Assistant Professor at the University of Waterloo and the Head of Cryptography at Algorand, its centralized nature makes it less secure. “In Web3, any activity brings added risk: Liquidity providing is riskier than staking; transacting is riskier than holding, and interchain transactions are riskier than transacting within a single chain,” he says. “Therefore, interchain builders should try to achieve even stronger security than the chains they connect. However, most interchain services are providing weaker security.”
However, there is no need to panic. With each hack comes greater scrutiny of bridges’ vulnerabilities, decreasing the chances of them happening again. Although this is not much consolation if you owned some of the $2.5 billion that was stolen this year.
In the meantime, more Layer 1s are finding ways to support interchain connections using the secure, universal infrastructure. “Polygon and Osmosis are great examples of this, partnering with Axelar to ensure developers in their ecosystems know they have a secure option for interchain communication,” he continues. “Ultimately, these technologies are permissionless, so it is up to ecosystem leaders to set secure practices as defaults and establish awareness in their communities.”
According to Professor Gorbunov, more education is needed for developers to move to a more interchain mindset. “The single-chain mindset leaves bridging up to the user, which creates unnecessary risk and a bad user experience. Building natively for interchain means the developer can create one-click experiences that integrate any asset, any function, on any chain.”
Crypto Crime Is Decreasing
Actors in the space are taking notice of these risks, and there is hope on the horizon. Recently, Axelar, a network specializing in secure cross-chain communication, announced its Ecosystem Funding Program. The initiative is designed to speed up the development of decentralized applications and protocols that can replace centralized exchanges. Development partners include Arbitrum, Circle, Osmosis, and Polygon.
Professor Gorbunov is the co-founder of Axelar.
“The EFP and the partnerships Axelar has formed with Layer 1 ecosystems show the commitment that is forming around the kind of Web3 development that is possible with secure, universal interchain infrastructure,” he says.
There are other reasons to be cheerful. According to Chainalysis’ recent 2022 Crypro Crime Report, illicit transactions across the ecosystem are declining as a share of the overall number. Transactions involving illicit addresses represented just 0.15% of cryptocurrency transaction volume in 2021. Despite the raw value of illicit transaction volume reaching its highest level ever.
According to the report, in 2019, 3.37% of all transactions were related to some kind of criminal activity. That plummeted by 82% to 0.62% in 2020. In 2021, it dropped by another 76% to 0.015% of all transactions.
DeFi still remains the largest arena for solen funds. In 2021, nearly $2.5 billion dollars worth of funds was lost to DeFi exploits. Whereas centralized exchange hacks accounted for less than $500 million. According to Chainalysis, the majority of thefts that occur through DeFi protocols are the result of errors in the smart contract code that governs these protocols.
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.