How trustless bridges can help protect users

    Published on:

    A blockchain bridge allows decentralized finance (DeFi) users to use the same token on multiple blockchains. For example, a trader can use he USD Coin (USDC) on her Ethereum or Solana blockchains to interact with decentralized applications (DApps) on those networks.

    While these protocols may be convenient for DeFi users, they are at risk of abuse by malicious actors. For example, last year Wormhole Bridge (a cross-chain crypto bridge popular among Solana, Ethereum, Avalanche, etc.) was hacked, and an attacker said he stole $321 million worth of wrapped Ethereum (wETH). I was. This is his biggest DeFi hack. History of those days.

    Just one month later, on March 23, 2022, the Ronin Network bridge (Axie Infinity’s Ethereum-based sidechain) was hacked for over $620 million, and on August 2, the Nomad bridge was hacked for $190 million. Hacked for over $10,000. In total, over $2.5 billion of him was stolen from Cross Chain Bridge between 2020 and 2022.

    Known as non-custodial or decentralized bridges, trustless bridges can improve the security of users’ cross-chain transfers.

    What is a blockchain bridge?

    A cross-chain bridge is a technology that enables the transmission of assets or data from one blockchain network to another. These bridges allow two or more separate blockchain networks to communicate with each other and share information. The interoperability provided by cross-chain bridges allows assets to be moved from one network to another.

    Recently: SEC vs. Kraken: One-off or First Salvo in Attacking Cryptocurrencies?

    Most bridging technologies use smart contracts on both blockchains to enable cross-chain transactions.

    Cross-chain bridges can move many assets, including cryptocurrencies, digital tokens, and other data. These bridges make it easier for different blockchain networks to work together, and users to take advantage of the unique features and benefits of each network.

    Trusted and Untrusted Bridges

    When it comes to bridging protocols, there are two main types: centralized (trusted) bridges and distributed (trustless) bridges. Trusted Bridges are managed by a central entity that manages tokens as they are transferred to the bridge. The main risk of a custodial bridge is the single point of failure (centralized custodian), making it an easy target for hacking attempts.

    Instead of using centralized custodians to transfer tokens between blockchains, trustless bridges use smart contracts to complete the process.

    A smart contract is an automated program that performs certain actions when conditions are met. For this reason, untrusted bridges are seen as a more secure alternative, as each user maintains custody of their tokens during the transfer process.

    However, trustless bridges can be compromised if the smart contract code has vulnerabilities that the development team has not identified and fixed.

    Pascal Verand, blockchain researcher and core developer of Nimiq, a blockchain-based payment protocol, told Cointelegraph, “In general, the use of cross-chain bridges is more attractive than the use of single blockchains. It poses additional risks,” he said.

    “Increase the attack surface through blockchains, potential custodians and smart contracts. There are different types of cross-chain bridges with different trade-offs around these risks.” He continued:

    “A cross-chain bridge usually involves two or more blockchains with different security mechanisms. Therefore, the security of the bridged asset depends on the weakest blockchain involved in the bridge. For example, if one of the blockchains is attacked, a cross-chain swap can be undone on one chain but not on the other, resulting in an asset imbalance. increase.”

    Berrang also highlighted vulnerabilities related to bridge assets locked to the bridge. “Funds are typically stored or locked in a central location that constitutes a single point of failure. Depending on the type of bridge, these funds are exposed to different risks. Bugs in these contracts can render bridged assets worthless,” said Berrang.

    “An example would be a bug that allowed unlimited creation of new bridge tokens. are at risk,” he added.

    Jeremy Musighi, head of growth at automated market maker Balancer, sees additional risks in the complexity of blockchain bridges, telling Cointelegraph: Security is one of his biggest risks. Implementing cross-chain bridges is complex and difficult, making them prone to errors and vulnerabilities that malicious actors can exploit to steal assets or perform other malicious actions. “

    Musighi also pointed out that scalability issues pose additional risks to the bridging process, saying, “Cross-chain bridges cannot handle large amounts of traffic, which can lead to delays for users and increased costs. Scalability is another risk.”

    Protect your bridge from exploits

    Developers can prevent cross-chain bridges from being hacked by implementing several security measures that help ensure the confidentiality, integrity, and authenticity of transferred assets.

    One of the most important measures is to ensure that the smart contract code that forms the core of the cross-chain bridge is secure and free of vulnerabilities. This is achieved through regular security audits, bug bounty programs, and code reviews that help identify and fix potential security issues.

    Another measure developers can take is to use cryptographic algorithms such as digital signatures and hash functions to secure transfers of assets and information between different blockchain networks. This helps protect transferred assets and prevents malicious actors from interfering with the transfer process.

    Additionally, regular network monitoring is essential to detect suspicious activity and prevent attacks. By monitoring the network, developers can detect security issues and take appropriate action to resolve them before they occur.

    Finally, developing and deploying a secure cross-chain bridge requires following best practices such as secure coding practices, testing and debugging, and secure deployment methods. By doing so, developers can ensure the security and stability of the cross-chain bridge.

    Preventing cross-chain bridge hacking requires following secure code, encryption algorithms, robust consensus mechanisms, network monitoring, and best practices.

    Is a trustless bridge a better solution?

    Trustless bridges can provide a more secure solution for bridging assets between blockchains only if the smart contract code is fully audited and confirmed to be free of vulnerabilities.

    A key security benefit of trustless bridges is that a smart contract handles the transfer process, allowing users to manage their tokens throughout the process. Furthermore, since there is no central authority to lock the token, there is no single point of failure, making it harder to attack the bridge.

    Recently: Binance Bank Issues Highlight a Divide Between Crypto Firms and Banks

    Musighi told Cointelegraph: It is a single point of failure and a focused attack surface targeted by hackers. “

    “Trustless bridges are easier to audit and have clear benefits of minimizing trust. It can be seen as a low option, but not a risk-free option,” Berrang said.

    As the decentralized finance space matures, developers will need to take additional measures to secure cross-chain bridges. However, trustless bridges may grow in popularity as cryptocurrency users become more interested in self-management and decentralization.