[ad_1]
Protocol | Tomio Geron | Jul 18, 2022
Linking blockchains together is a key part of the industry. But bridges are vulnerable to hackers and confusing for consumers.
One of the challenges for the crypto industry is how many blockchains there are and how complex it is to move across them. This has led to the growth of bridges for people to send tokens across chains. But these bridging tools have come under attack by hackers, leading to major losses.
Many in the industry believe it’s inevitable that there will be multiple blockchains that develop, each emphasizing different strengths such as gaming, trading, NFTs, mobile or payments.
See: Why Blockchain analytics are catching Washington’s attention
Because crypto has become a multichain industry, bridges have become a key part of the infrastructure. Attacks on them can have “cascading effects” across chains, as Chainalysis researchers recently put it. Some of the largest DeFi hacks to date have involved bridges.
Hacking bridges
- There are two main kinds of hacks on bridges: code attacks, which exploit vulnerabilities in smart contracts, and attacks on the design of a network, often accomplished through social engineering.
- In one smart-contract-related incident, hackers exploited a security problem in the Wormhole bridge’s code to make off with $325 million. Wormhole bridges blockchains like Ethereum, Solana and Polygon, enabling people to deposit tokens from one chain and get the equivalent on a different chain.
- In the incident, a hacker minted 120,000 wrapped ether, or WETH, on the Solana blockchain without putting in the equivalent on the Ethereum side.
- The recent $100 million hack of Harmony’s Horizon Bridge was apparently the result of social engineering to obtain the required electronic signatures to authorize a transaction.
- In Axie Infinity’s Ronin bridge, a hacker took control of five of the nine validator nodes that handle transactions. Four of those five nodes were controlled by Axie developer Sky Mavis, a flaw in its design, Khurana said. Social engineering allowed hackers to take control of those four nodes: An Axie engineer applied for a fake job on LinkedIn and opened a fake job offer document that contained spyware. A fifth node was hacked through a third-party validator managed by the Axie DAO.
See: Bain Capital Launches Dedicated Crypto Team – Sights on DAO Services
Until bridging across different chains becomes easier, widespread crypto adoption will be hindered.
Continue to the full article –> here
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada’s Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
[ad_2]