What Is a Cross-Chain Bridge and How Are Bridges Hacked?

A cross-chain bridge is designed to integrate two blockchains that — in most cases — were never designed to be integrated.  

With the exception of blockchains built using a Layer 0 protocol such as Cosmos or Polkadot, blockchains are typically designed as standalone systems that support external integrations via APIs and smart contracts.

Cross-chain bridges are often implemented using smart contracts.  To transfer assets across a bridge, a user sends them to a specific account on the blockchain.  This triggers a transfer across the bridge which, if approved, causes the assets to be released and sent to the user’s account on the other blockchain.

Hacks of blockchain bridges are typically designed to cause tokens to be released on one blockchain without a corresponding deposit on the other.  The main ways in which this can be accomplished are:

• False Deposit Events: Often, a cross-chain bridge will monitor for deposit events on one blockchain to initiate a transfer to the other.  If an attacker can generate a deposit event without making a real deposit or by making a deposit with a valueless token, then they can withdraw value from the bridge at the other end.  This was what happened in the Qubit hack where a legacy deposit function in the code enabled fake deposits to the bridge contract.

• Fake Deposits: Cross-chain bridges perform validation of a deposit before allowing a transfer to go through.  If an attacker can create a fake deposit that validates as a real one, then they can defeat the validation process.  This was the case with the Wormhole hack, where the attacker exploited a flaw in digital signature validation to steal $326 million.

• Validator Takeover: Some cross-chain bridges have a set of validators that vote whether or not to approve a particular transfer.  If the attacker controls a majority of these validators, then they can approve fake and malicious transfers.  This is what happened in the Ronin Network hack, where the attacker took over 5 of the bridge’s 9 validators.

A hack of a cross-chain bridge can have a significant impact on the bridge itself.  A successful attack involves withdrawing value from the bridge without a corresponding deposit, meaning that the bridge project loses money.

However, the fact that cross-chain bridges span multiple blockchain platforms means that they can have complex effects.  By creating interrelationships between blockchains, cross-chain bridges also cause their security to be intertwined.  Additionally, the complex relationships between “wrapped” assets on different blockchains make tracking the “true” value of an asset difficult in the wake of an attack.

For example, a successful attack on a blockchain bridge could cause a particular asset to be devalued on one platform but not others, creating significant arbitrage opportunities.  This occurred in the case of the Meter.io hack.  The hack caused BNB.bsc to be devalued on the BNB chain, but Hundred Finance used the global Chainlink price for the asset.  This discrepancy allowed attackers to buy BNB.bsc for cheap and use it as collateral to take out loans of more valuable assets.

Cross-chain bridges link blockchains together often through the use of smart contracts.  This makes smart contract audits a vital component of the bridge security process.  By identifying and remediating vulnerabilities before code is released onto the blockchain, a smart contract security audit could have prevented many of the largest hacks of cross-chain bridges.

However, security audits of bridge projects shouldn’t stop at just the code.  Cross-chain bridges create complex environments, and the interactions between the contracts deployed on various platforms should be taken into account as well.  An effective audit requires expert knowledge of all of the affected platforms and in validating the logic of the bridge project and assessing the risks that it poses and faces.