On March 23, 2022, the biggest theft in the history of cryptocurrency took place when the Ronin blockchain network was robbed of a whopping $625 million by way of a hack.
The money was stolen from a type of crypto service called a “bridge”. A bridge is used to connect one blockchain to another so that value can be transferred between them.
But this wasn’t the first time a bridge had been hacked and looted. Only two months previously, a bridge called Wormhole was robbed of $325 million, and roughly six months before that Poly was taken by hackers for $600 million.
But what precisely is a blockchain bridge? And more importantly, can anything be done to prevent these hacks from happening in the future?
Blockchain Bridges Explained
A blockchain bridge connects cryptocurrencies of differing varieties, which essentially allows the user to exchange one kind of coin for another.
With so many cryptocurrencies available right now, developers soon realised the need for a simplified way for these currencies to interact with one another. The result of this is a blockchain bridge.
Why Are Bridges Targeted?
Unlike the case with blockchain security, there’s no set of rules in place for how bridges are supposed to keep cryptocurrency secure whilst in the process of conversion. And since bridges hold oodles of currency at any given time, they’ve become a soft target for hackers.
In real-world terms, a bridge receives hundreds, sometimes thousands, of incoming transactions of a single type of cryptocurrency on any given day. These incoming funds are then locked up as a deposit while an equivalent value of the requested cryptocurrency is released to users in return.
When a bridge is hacked, however, the cyber-criminal can withdraw coins from one side of the bridge without balancing the withdrawal with a deposit on the other side.
Because of their complex code, bridges regularly contain bugs that hackers can find and exploit for monetary gain.
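The lock-and-release accounting described above implies a check that an operator can run continuously: every release on one side must be backed by a deposit locked on the other. The following is an added example, not code from any bridge project; the event fields, the sample data and the assumption that amounts are already expressed in one common unit of value are all constructed for illustration.

```python
from collections import namedtuple

# Hypothetical event records; field names are assumptions for this example.
Deposit = namedtuple("Deposit", "deposit_id amount")  # coins locked on the source side
Release = namedtuple("Release", "deposit_id amount")  # coins paid out on the destination side


def reconcile(deposits, releases):
    """Return (release, reason) pairs for releases not backed by a locked deposit."""
    remaining = {}
    for d in deposits:
        remaining[d.deposit_id] = remaining.get(d.deposit_id, 0) + d.amount
    findings = []
    for r in releases:
        if r.amount <= 0:
            findings.append((r, "non-positive amount"))
        elif r.deposit_id not in remaining:
            findings.append((r, "no matching deposit"))
        elif r.amount > remaining[r.deposit_id]:
            # Covers both over-withdrawal and a second release against a spent deposit.
            findings.append((r, "exceeds locked balance"))
        else:
            remaining[r.deposit_id] -= r.amount
    return findings


def unbacked_total(deposits, releases):
    """Total value released without a deposit to balance it."""
    return sum(r.amount for r, _ in reconcile(deposits, releases))


# Constructed sample data, not taken from any real incident.
SAMPLE_DEPOSITS = [Deposit("d1", 100), Deposit("d2", 250), Deposit("d3", 40)]
SAMPLE_RELEASES = [
    Release("d1", 100),   # backed
    Release("d2", 250),   # backed
    Release("d2", 250),   # second release against an already spent deposit
    Release("d9", 5000),  # no deposit was ever locked
    Release("d3", 45),    # more than was locked
]

if __name__ == "__main__":
    for release, reason in reconcile(SAMPLE_DEPOSITS, SAMPLE_RELEASES):
        print(f"ALERT {release.deposit_id} amount={release.amount}: {reason}")
    print("unbacked total:", unbacked_total(SAMPLE_DEPOSITS, SAMPLE_RELEASES))
```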
The Issue Of Security
However, none of this means that bridges are a threat to the overall security of cryptocurrency. Since the crypto industry has done such a phenomenal job of securing the system, bridges just happen to be the “weakest link” right now.
Something else worth keeping in mind is that many bridges aren’t even on the blockchain at all. Ronin, for example, was configured in such a way that it worked off-chain, meaning that while it was able to interact with the blockchain, it ran on a different server.
The question of how to stop bridges from getting looted by hackers in the future is a complex one to answer.
What seems to be coming up right now is the idea of “code auditing”. This would refer to different experts combining their knowledge of different types of programming languages in a way that could prevent certain blind spots from happening.
Interestingly enough, many blockchain projects don’t have even a single auditor listed. But this is likely simply because of how quickly the market has boomed, explains Nick Selby, who is Director of Assurance Practice at auditing company “Trail of Bits”.
But since code auditing is clearly the way of the future, we’re likely to see big changes happening soon.