A DeFi bridge is a mechanism that enables the transfer of assets between blockchains, addressing one of the primary problems with them: a lack of interoperability.
However, security dangers are associated with using these bridges, which makes it necessary to research these gaps and provide case studies to back up these assertions.
At the end of this article, you should be able to understand what DeFi bridges are, why they are so important and why they get broken.
- What Are DeFi Bridges?
- How do DeFi bridges work
- Why do we need a DeFi bridge – Importance of DeFi Bridges
- Why do DeFi Bridges break?
- Case studies of broken DeFi bridges
What Are DeFi Bridges?
A DeFi bridge, also known as a blockchain bridge, is a tool that enables you to transfer assets from one blockchain to another, addressing one of the primary problems with blockchains: a lack of interoperability.
One of the most critical constraints on the growth and development of the blockchain industry has been the inability of multiple blockchains to cooperate.
Each blockchain has its set of guidelines, tokens, protocols, and smart contracts. Blockchain bridges assist in bridging these divisions and connecting the separate crypto ecosystems.
These bridges help you connect tokens and data easily between blockchains. Interoperability is crucial because it aids users in doing the following:
- Transfer digital assets from one blockchain to Dapps on a different blockchain.
- Carry out quick, inexpensive transactions of tokens hosted on otherwise less scalable chains.
- Use various platforms to run Dapps.
How Do DeFi Bridges Work
Blockchain bridges use wrapped tokens to enable communication between them.
Let’s see how it all functions:
When a user uses a bridge to transport cryptocurrency or other assets from one network to another, the assets are not transferred. Instead, smart contracts or other means help lock them on the network.
On the blockchain, where the assets are “shipped,” an equivalent number of wrapped tokens are created.
This process unlocks the original tokens and destroys the new ones if the user decides to claim their assets.
By way of illustration, sending a Solana currency to an Ethereum wallet across a bridge would result in the Ethereum wallet receiving a wrapped token – effectively an ERC20 variant of the original SOL token.
With this knowledge of how DeFi Bridges work, it is important to shed a little light on how hackers hack these bridges. The two main channels through which hackers hack DeFi bridges are:
- Code attacks
Here, if there are any loopholes in the smart contract, it is then exploited by the hacker(s).
2. Attacks on the design of a network
This form of attack usually takes place through social engineering.
Why Do We Need DeFi Bridges?
Beyond the primary problem, which is the lack of interoperability, DeFi bridges are crucial for many more reasons. Some of these are:
- Allows for DeFi advancement
Different blockchains must interact with one another for DeFi and other dApps to develop, grow, and fulfil the demands of the dynamic world.
We can overcome the single network barrier in the blockchain realm via blockchain bridges by overcoming the siloed structure of blockchains. DeFi advancement is, after that, made possible.
2. Efficiency and fee reduction
Scalability is another significant issue that blockchain bridges can aid in resolving. Different networks will need to serve more considerable transaction volumes and offer faster processing as blockchain gains popularity.
Bridges can be utilized to create scalability solutions where the transaction burden is shared amongst connected chains thanks to their capacity to permit cross-chain transfers.
Bridges also make it simple for consumers to move their assets from a costly network like Ethereum to a platform with cheap fees.
3. Interoperability in dApp development
Bridges can help dApps become more effective by giving them a mechanism to take advantage of the advantages and opportunities offered by several blockchains.
They permit protocol innovation, resulting in fresh ideas for problems.
Reasons Why DeFi Bridges Break
Bridges may ultimately be impenetrable solutions, but they are still relatively new in today’s world. Bridges present the blockchain with several issues as they develop.
Here are the reasons why DeFi Bridges break and the risks involved:
- Decentralized blockchain networks are dependent on their communities and governance standards. The network’s infrastructure supports a stand-alone environment, although data saved on the chain is entirely transparent.
- DeFi and other decentralized applications cannot advance due to the compartmentalized nature of blockchain technology, although it has shown to be helpful in some situations.
- The technology is constrained because there is no connection between chains, rather than exploiting the functions of various Dapps to promote growth.
Risks Involved In DeFi Bridges
The likelihood of collusion forms is another consequence of the centralization of trustworthy bridges. The governing members possess the ability to band together and steal money from users.
- Risks associated with smart contracts
It is impossible to overstate the importance of smart contracts for bridge development.
This fact is especially relevant for decentralized bridges, which depend on self-executing algorithms to provide essential features like the creation and destruction of wrapped coins.
Insufficiently developed smart contracts may have vulnerabilities that could be exploited or used against them.
One such instance is the February Wormhole breach, in which a hacker successfully stole 120,000 wETH by taking advantage of weak points in smart contracts.
In the case of trustworthy bridges, one entity or a restricted number of users exercises control. Operators of the bridge have the authority to stop asset transfers if they believe that the transactions would not be in their best interests.
Case Studies Of Broken DeFi Bridges
The wormhole bridge attack
A bridge like Wormhole takes an Ethereum token, locks it into a contract on one chain, and then issues a counterpart token on the chain on the opposite side of the bridge.
Auston Bunsen, the co-founder of QuikNode, a company that offers blockchain infrastructure to developers and businesses, said that bridges like Wormhole function by having two smart contracts – one on each chain.
One smart contract ran on Solana in this instance, and another ran on Ether.
According to preliminary CertiK analysis, the attacker created 120,000 so-called “wrapped” Ethereum tokens for themselves by taking advantage of a weakness on the Solana side of the Wormhole bridge.
Please note that wrapped Ethereum tokens are compatible with other blockchains and are tied to the value of the original coin. The Ethereum on the Ethereum side of the bridge appears to have been claimed by them later using these tokens.
Developers working for Wormhole verified the vulnerability on Twitter. They said the network was “down for maintenance” as it investigates a “possible exploit”. Current downtime affects the official protocol website.
Studies by the blockchain cybersecurity company CertiK show that the attacker has made profits of at least $251 million in Ethereum, close to $47 million in Solana, and more than $4 million in USDC, a stablecoin tethered to the value of the dollar.
According to CertiK, before the exploit, the bridge “basically operated as an escrow service” by holding a 1:1 ratio of wrapped Ethereum to Ethereum on the Solana blockchain.
2. The harmony’s horizon bridge hack
This year’s third significant bridge hack targeted Horizon, allowing cross-chain transfers between Ethereum and Binance’s Smart Chain.
Hackers took $620 million from the Ronin bridge a month after stealing more than $300 million from the Wormhole bridge in February. Cryptocurrency assets like Ethereum, Binance Coin, Tether, USD Coin, and Dai were among those seized, claims blockchain analysis firm Elliptic.
Elliptic continued by saying that the stolen tokens have now been exchanged for Ethereum utilizing decentralized exchanges – a “commonly seen technique with these hacks,” it said.
Harmony did not specify how the hackers took the money, but one investor going by the name of Ape Dev expressed worries about the security of the Horizon bridge as early as April.
A multi-signature wallet or “multisig” that only needed two signatures to start transactions was crucial to the security of the Horizon bridge, the researcher said on Twitter.
For added security on transactions, multisig wallets demand the agreement of many participants.
3. Axie Infinity’s Ronin bridge
In this case, there was a compromise on the nine validator nodes that handle transactions, and the hackers took over five of them.
According to Khurana, its design problem was that four of those five nodes were under the supervision of Axie creator Sky Mavis.
Hackers gained access to those four nodes via social engineering: On LinkedIn, an Axie developer submitted a phoney job application and opened a document with malware that was a bogus job offer.
A hacker used a third-party validator run by the Axie DAO to compromise the fifth node.
The network’s design, with several nodes under one party’s control, made it simpler for hackers to take over, even though the code appeared to function as intended.
Blockchain bridges are a step toward building an open Web 3.0 where many networks can interact and communicate.
As a result, blockchain technology will likely experience substantial innovation and advancement. Blockchain could develop into a more valuable and versatile technology with the help of bridges.
But, we must overcome several obstacles to avoid security threats, unethical behaviour, and technological mistakes.