Security Explained: Blockchain Bridges
11 May 2022
The blockchain continues to be a remarkable piece of technology that has been proven to be secure by its decentralized nature, with bridges acting as a safe passage for transferring tokens and data. However, you can never be too safe on the blockchain, and it’s best to stay educated and up to date.
What is a Blockchain Bridge?
A blockchain bridge (also called a ‘crypto bridge’) is a link that allows tokens and arbitrary data to be transferred from one chain to another. The two chains may use different protocols, rules, and governance structures, but the bridge offers a safe way for them to communicate. Some bridges can even connect multiple blockchains, creating an ecosystem of chains that all talk to one another and allowing users to make highly complex moves and transactions.
There are many different bridge designs, but they can be roughly split into two camps: centralized bridges that rely on trust or federation, and more decentralized "trustless" bridges. Because centralized bridges rely on some form of central authority or system to function, users must trust a mediator in order to use a given app or service.
On the other hand, trustless bridges do not need users to place their faith in a single person or authority. Instead, users trust the mathematical truth encoded in the software. In a decentralized blockchain system, this is achieved by numerous computer nodes reaching a shared consensus based on the software's rules. Openness and incentives for public involvement solve many of the problems that centralized systems have, including corruption and abuse of power.
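To make the trust model of a federated bridge concrete, here is an added example (not code from this article or from any bridge project) of the destination-side check: funds are released only when a threshold of distinct, authorized validators attest to the same deposit, and each deposit is paid out once. The validator names, keys, 3-of-5 threshold and message format are constructed assumptions, and HMAC stands in for real digital signatures.

```python
import hashlib
import hmac

# Constructed validator set: name -> secret key. HMAC stands in for the
# digital signatures a real bridge would verify (assumption for this sketch).
VALIDATORS = {f"validator-{i}": f"demo-key-{i}".encode() for i in range(5)}
THRESHOLD = 3  # hypothetical M-of-N policy: 3 of 5 validators must attest


def deposit_digest(src_chain, nonce, recipient, amount):
    """Deterministic digest of a deposit observed on the source chain.

    Fields are assumed not to contain the '|' separator.
    """
    msg = f"{src_chain}|{nonce}|{recipient}|{amount}".encode()
    return hashlib.sha256(msg).digest()


def attest(validator, digest):
    """What one validator produces after observing the deposit."""
    return hmac.new(VALIDATORS[validator], digest, hashlib.sha256).digest()


class FederatedBridge:
    """Destination-chain side: releases funds only on a valid quorum."""

    def __init__(self):
        self.processed = set()  # digests already paid out (replay protection)

    def release(self, src_chain, nonce, recipient, amount, attestations):
        digest = deposit_digest(src_chain, nonce, recipient, amount)
        if digest in self.processed:
            return False  # the same deposit must never be paid twice
        approved = set()  # a set, so a repeated signer counts only once
        for validator, tag in attestations:
            key = VALIDATORS.get(validator)
            if key is None:
                continue  # signer is not in the authorized set
            expected = hmac.new(key, digest, hashlib.sha256).digest()
            if hmac.compare_digest(expected, tag):
                approved.add(validator)
        if len(approved) < THRESHOLD:
            return False
        self.processed.add(digest)
        return True
```

The check is only as strong as the validator set: any party holding a threshold of the keys can authorize a release.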
Bridges can be built for a variety of purposes. They may be used to exchange any sort of data, including smart contract calls, decentralized IDs, off-chain data from oracles such as stock market price feeds, and much more. Bridges enable even more decentralized applications, because an application is no longer constrained to the network it started on.
While bridges open up countless new markets and work towards a brighter, multi-chain future, they come with their own security challenges.
Earlier in April, cryptocurrency network Ronin disclosed a breach in which attackers made off with $540 million worth of Ethereum and USDC stablecoin. The incident, which is one of the biggest heists in the history of cryptocurrency, specifically siphoned funds from a service known as the Ronin Bridge. Successful attacks on blockchain bridges have become increasingly common over the past couple of years, and the situation with Ronin is a prominent reminder of the urgency of the problem.
In addition to the Ronin heist, attackers stole about $80 million worth of cryptocurrency from Qubit Bridge at the end of January, roughly $320 million worth from Wormhole Bridge at the beginning of February, and $4.2 million worth days later from Meter.io Bridge. Memorably, the Poly Network bridge had about $611 million worth of cryptocurrency stolen last August before the attacker gave the funds back a few days later. In all of these attacks, hackers exploited software vulnerabilities to drain funds, but the Ronin Bridge attack had a different weak point.
The need for security
With all these major hacks happening so frequently and so close together, it should be obvious that security is urgently needed. Once something is on the blockchain, it is unchangeable and accessible to anyone. So if there’s a flaw in the bridge, you can guarantee hackers will exploit it.
We always heavily recommend a full source code review before deploying your bridge on the blockchain. Unfortunately, there are no options for black or grey box testing in this regard. It must be a ground-up check to guarantee its security. While there are a number of machines that are continuously checking new entries and agreeing on whether they are valid and legitimate, these machines are custom coded by developers. Human error is inevitable, and mistakes can be easily made.
All it takes is one slip-up with a bad line of code, and hackers have a way in. In this kind of situation, you can’t afford to miss a single line of code. You need to ensure your security is airtight and correct before uploading. The blockchain is constantly evolving, and its security should never be neglected. Don’t build the perfect pathway on your bridge for hackers.