This year has witnessed crypto heists totalling up to $1.2 billion, which is twice the amount of last year’s record, according to research by the London-based blockchain analysis company Elliptic.
Last week, criminals stole an estimated $190 million from the American crypto firm Nomad. It was the sixth breach of 2022 to target an increasingly crucial component of the cryptocurrency machinery: blockchain “bridges” that let coins be exchanged between different blockchain networks.
Fertile land for new vulnerabilities
Ronghui Gu, co-founder of the cybersecurity company CertiK and professor of computer science at Columbia University in New York, stated that “This is a war where the cybersecurity firm or the project can’t be the winner.”
“We have so many projects to safeguard,” he said. When hackers examine a project and discover no problems, they may just move on to the next one until they identify a weak spot.
Bridges facilitate transactions across various chains, but they can also be the weakest link, as shown by the frequency with which hackers are now successfully exploiting them.
The Nomad hack is the eighth-largest crypto heist in history. Other thefts from bridges this year include a $615 million heist at Ronin, used in a well-known online game, and a $320 million theft at Wormhole, utilised in so-called decentralised banking applications.
Steve Bassi, co-founder and CEO of malware detector PolySwarm, said, “Blockchain bridges are the most fertile ground for new vulnerabilities.”
Potential flaws in smart contracts
According to Ganesh Swami, CEO of blockchain data company Covalent in Vancouver, which had some cryptocurrency stored on Nomad’s bridge when it was hacked, one reason hackers have recently targeted these cross-chain bridges is the enormous technical sophistication involved in developing these kinds of services.
Some bridges, for instance, modify crypto coins to make them interoperable with various blockchains while keeping the original coins in reserve. Others rely on smart contracts, complicated agreements that automatically complete transactions. All of these could have bugs or other weaknesses in the programming that could open the door to hackers.
Cross-chain bridges are a tempting target for hackers because they frequently use a centralised infrastructure that typically locks up assets, according to Victor Young, founder and chief architect of U.S. blockchain company Analog.