Cross-Chain Protocols: A Prime Target for Hackers in 2023
Cross-chain protocols have become a major target for hackers, with significant incidents highlighting the vulnerability of these systems. One of the most notable breaches was the $650 million Ronin Bridge hack affecting Axie Infinity, which accounted for a large portion of the stolen funds this year. Additionally, in the second half of 2022, Nomad lost $190 million due to wallet hacks. In another incident, hackers accessed the private keys of 8,000 wallets within the Solana ecosystem, resulting in the theft of $5 million in Solana (SOL) and Solana Program Library (SPL) tokens.
On August 8, deBridge Finance revealed the tactics believed to be used by the North Korean Lazarus Group in their phishing attacks. Just days later, Curve Finance was compromised, with hackers redirecting users to a counterfeit website, leading to the theft of $600,000 worth of USD Coin (USDC).
Alex Smirnov, founder of deBridge Finance, noted an increase in these attacks due to the role of cross-chain protocols as liquidity aggregators that facilitate cross-chain value transfers. As these protocols seek widespread liquidity through methods like liquidity mining, they inevitably attract malicious actors. Smirnov explained, "By locking a large amount of liquidity and inadvertently providing a diverse set of available attack methods, bridges are making themselves a target for hackers."
Smirnov further elaborated that bridging protocols are middleware that relies on the security models of the blockchains they connect, creating an attack surface in which exploiting one chain can be used to drain liquidity from others. The Web3 and cross-chain ecosystem is still in its infancy, and teams are learning from each other's mistakes, much like the early years of the DeFi sector, which saw numerous exploits. deBridge co-founder Vadim Tkachenko acknowledged that these growing pains are a natural part of the process: "The cross-chain space is extremely young even within the context of Web3, so we’re seeing this same process play out. Cross-chain has tremendous potential, and it is inevitable that more capital flows in, and hackers allocate more time and resources to finding attack vectors."
Given the increasing frequency of these exploits, projects are likely considering how to mitigate these threats. However, there isn't a straightforward solution, as attackers have multiple avenues of attack. Smirnov compared bridging protocols' security to a "Swiss cheese" model, where an attack is only possible if multiple 'holes' align temporarily. He emphasised, "To make the level of risk negligible, the size of the hole on each layer should be as minimal as possible, and the number of layers should be maximised."
Developing a robust security model for cross-chain platforms is challenging due to the complexity and the many moving parts involved. These protocols encompass various risks, necessitating multi-layered security strategies. At the chain level, the consensus algorithm and codebase of each supported chain are exposed to 51% attacks, blockchain reorganisations, and bugs in the chain's own code. There is also the risk of validator collusion or compromised infrastructure within the validation layer. Furthermore, vulnerabilities in the software development process, such as bugs in smart contracts and bridge validation nodes, pose significant threats. deBridge also highlighted the importance of protocol management.
"All these risks are quickly compounded. Projects should take a multi-faceted approach, and in addition to security audits and bug bounty campaigns, integrate various security measures and validations into the protocol design itself," advised Smirnov.
One critical point to remember is that although deBridge's team successfully thwarted social engineering attacks, phishing attacks remain one of the most prevalent threats to the broader ecosystem. Education and strict internal security policies are crucial to avoid falling victim to these sophisticated attempts to steal credentials and hijack systems.