Cross-Chain Bridge Security – Vulnerabilities

Cross-Chain Bridge

Blockchains are developing rapidly thanks to their relative simplicity, speed, and independence from third parties. Among the most popular are BSC, Polygon, Solana, and others.

This growth came in response to increasing demand from users. However, despite its autonomy, no single blockchain could be as efficient as possible on its own. To resolve this problem, developers (including authorized hackers) created so-called “bridges” that enable different crypto ecosystems to interact using cross-chain applications.

Along with the obvious convenience, this solution led to significant security risks and boosted the level of crypto crime. In particular, these risks are connected with smart contracts, private keys, and the peculiarities of the verification process.

In practice, the crypto community has seen many cases in which bad actors illegally transfer assets from the source chain to their own addresses. As a rule, they send stolen funds to another recipient by exploiting a logic error. They can also submit malicious data to block token transfers. Below you can learn about these silent threats and how to improve cross-chain transaction security.

What Is a Cross-Chain Bridge?

A cross-chain bridge is a special program for connecting two blockchains that were not designed to be integrated. For example, anyone who has ever read about cryptocurrency has probably heard about the popular Wormhole bridge used to connect Solana and other DeFi protocols.

From a technical point of view, a cross-chain bridge is a computer protocol (algorithm) written in a special language. Solidity is currently one of the best examples of a high-level, object-oriented language for building such bridges and implementing smart contracts.

How Do Cross-Chain Bridges Work?

First, it’s worth mentioning that not all blockchains require bridges to interact with other systems and process transactions (for example, Cosmos or Polkadot). However, most modern blockchains cannot independently transmit information to or receive it from another similar system without using a special API or smart contracts.

Therefore, to transfer crypto assets, you send them to a specific address on the blockchain via the cross-chain bridge. If all the data matches, the transaction is approved, and the recipient on the other blockchain receives the funds.

How Are Cross-Chain Bridges Hacked?

The most common goal of a bridge hack is to have tokens issued from the legitimate blockchain address to an address that has not made the required deposit. Below, you can see the main methods used to achieve this goal.

  1. False deposit event. Typically, a bridge validates only events on the source blockchain before it initiates a transfer. Thus, attackers have the opportunity to create fake deposit events without actually placing funds. In addition, they can make a deposit using false tokens. The result of these methods is the same – the real value is taken from the opposite side of the bridge. A similar situation occurred during the scandalous hack of the Qubit system. The developers did not consider various attack vectors, and the deprecated deposit function in the code allowed changing deposits in the bridge contract.
  2. Fake deposits. One of the basic security parameters of bridge contracts is thorough verification of the deposit before the transfer is approved. If an attacker manages to fake deposit data and pass it off as real, he can easily bypass the verification process. It is one of the main points cybersecurity specialists focus on. An example of such a hack is the attack on the Wormhole bridge. With the help of a forged digital signature, the hacker stole about $326 million.
  3. Interception of the validator. This is the third of the most popular bridge hacking methods. Many cross-chain bridges have multiple validators. These are small pieces of code responsible for approving a specific transfer. If an attacker gains control of the validators (or most of them), he can vote and approve fake transfers. A similar situation happened in the attack on the Ronin Network (an Ethereum-linked sidechain), when a hacker gained access to five of the nine blockchain bridge validators and approved the transfer of funds.
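
The checks that defeat the first two methods can be written down compactly. The following is an added example, not code from the original article or from any bridge named in it: a relayer-side validator that lets a deposit event trigger a mint only if it was emitted by the real bridge contract, names an allow-listed token, carries a positive amount, is sufficiently confirmed, and has not been used before. All addresses, field names and the confirmation threshold are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed placeholder values; a real relayer loads these from its config.
BRIDGE_CONTRACT = "0xbridge-contract-placeholder"
ALLOWED_TOKENS = {"0xtoken-a-placeholder", "0xtoken-b-placeholder"}
MIN_CONFIRMATIONS = 12  # assumed safety margin on the source chain

@dataclass(frozen=True)
class DepositEvent:
    tx_hash: str
    log_index: int
    emitter: str         # contract that actually emitted the log
    token: str           # token contract the event says was deposited
    amount: int
    confirmations: int

class DepositValidator:
    """Decides whether a source-chain deposit event may trigger a mint."""

    def __init__(self):
        self.processed = set()  # (tx_hash, log_index) already honoured

    def check(self, ev):
        if ev.emitter.lower() != BRIDGE_CONTRACT:
            return "emitter is not the bridge contract"   # forged event
        if ev.token.lower() not in ALLOWED_TOKENS:
            return "token not on allow-list"              # false token
        if ev.amount <= 0:
            return "non-positive amount"                  # nothing was deposited
        if ev.confirmations < MIN_CONFIRMATIONS:
            return "not enough confirmations"             # block may not be final yet
        key = (ev.tx_hash, ev.log_index)
        if key in self.processed:
            return "replayed event"                       # one deposit, one mint
        self.processed.add(key)
        return "ok"

def demo():
    v = DepositValidator()
    real = DepositEvent("0xtx1", 0, BRIDGE_CONTRACT, "0xtoken-a-placeholder", 100, 30)
    events = [
        real,
        real,  # same event submitted a second time
        DepositEvent("0xtx2", 0, "0xother", "0xtoken-a-placeholder", 100, 30),
        DepositEvent("0xtx3", 0, BRIDGE_CONTRACT, "0xworthless", 10**9, 30),
        DepositEvent("0xtx4", 0, BRIDGE_CONTRACT, "0xtoken-a-placeholder", 0, 30),
    ]
    return [v.check(e) for e in events]
```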

How to Improve Cross-Chain Bridge Security?

Several relatively simple techniques allow you to maximize the security of bridge connections and prevent attacks or leakage of funds. However, to get the best results, you should use them in combination.

Decentralization of validators. Regardless of the blockchain type, it is necessary to have a set of independent validators to prevent a single point of failure. In this case, the potential malicious actor needs much more time and effort to gain control over your assets.
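
Why independence matters more than the raw number of validators, as an added example that is not part of the original article: an approval rule that counts signing keys is compared with one that counts the distinct operators behind those keys. The validator set, operator names and threshold are constructed for illustration, and signature verification is assumed to have happened already, so `signers` holds the key ids whose signatures checked out.

```python
from collections import Counter

# Constructed validator set: key id -> operator that controls the key.
VALIDATORS = {
    "v1": "org-a", "v2": "org-a", "v3": "org-a", "v4": "org-a",
    "v5": "org-b", "v6": "org-c", "v7": "org-d", "v8": "org-e", "v9": "org-f",
}
THRESHOLD = 5  # approvals required out of nine (constructed)

def approved_by_keys(signers, validators=VALIDATORS, threshold=THRESHOLD):
    """Naive rule: count distinct known keys (duplicates and unknowns ignored)."""
    return len(validators.keys() & set(signers)) >= threshold

def approved_by_operators(signers, validators=VALIDATORS, threshold=THRESHOLD):
    """Stricter rule: count distinct operators behind the signing keys."""
    operators = {validators[s] for s in set(signers) if s in validators}
    return len(operators) >= threshold

def min_operators_to_compromise(validators=VALIDATORS, threshold=THRESHOLD):
    """Fewest operators that must be breached to control `threshold` keys."""
    counts = sorted(Counter(validators.values()).values(), reverse=True)
    keys = 0
    for n, held in enumerate(counts, start=1):
        keys += held
        if keys >= threshold:
            return n
    return None  # threshold cannot be reached with this set
```

With this constructed set, nine keys and a threshold of five give only two points of failure, because one operator holds four keys; the same nine keys spread over nine operators give five.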

Funds transfer tracking. Any blockchain should monitor all types of transactions in real time and without pauses. If the system detects abnormal activity or unusual requests, it activates an instant alert.

Thus, developers can adequately respond to threats and eliminate them as soon as possible. Unfortunately, in the example above, it took Ronin almost a week to figure out the hack. As a result, it led to significant financial and reputational losses.
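
One form such tracking can take, shown as an added example that is not from the original article: a monitor that reconciles every mint on the destination chain against a lock on the source chain and raises an alert when minted volume in a time window exceeds a limit. The event fields, token name, amounts and thresholds are constructed sample data, and fees are ignored, so a mint is expected to equal its deposit exactly.

```python
from collections import deque

# Constructed sample events; a real monitor reads them from both chains' logs.
SOURCE_LOCKS = [
    {"deposit_id": 1, "token": "USDX", "amount": 500},
    {"deposit_id": 2, "token": "USDX", "amount": 200},
]
DEST_MINTS = [
    {"mint_tx": "m1", "deposit_id": 1, "token": "USDX", "amount": 500, "ts": 10},
    {"mint_tx": "m2", "deposit_id": 2, "token": "USDX", "amount": 900, "ts": 20},
    {"mint_tx": "m3", "deposit_id": 7, "token": "USDX", "amount": 4000, "ts": 30},
    {"mint_tx": "m4", "deposit_id": 1, "token": "USDX", "amount": 500, "ts": 40},
]

def reconcile(locks, mints):
    """Flag every mint that is not backed one-to-one by a source-chain lock."""
    by_id = {lock["deposit_id"]: lock for lock in locks}
    used, alerts = set(), []
    for m in mints:
        lock = by_id.get(m["deposit_id"])
        if lock is None:
            alerts.append((m["mint_tx"], "mint without source deposit"))
        elif m["deposit_id"] in used:
            alerts.append((m["mint_tx"], "deposit minted twice"))
        elif (m["token"], m["amount"]) != (lock["token"], lock["amount"]):
            alerts.append((m["mint_tx"], "mint does not match deposit"))
        used.add(m["deposit_id"])
    return alerts

def outflow_alerts(mints, window, limit):
    """Flag mints that push the total minted within `window` seconds over `limit`."""
    recent, total, alerts = deque(), 0, []
    for m in sorted(mints, key=lambda e: e["ts"]):
        recent.append(m)
        total += m["amount"]
        # Drop mints that have aged out of the window (window must be > 0).
        while recent[0]["ts"] <= m["ts"] - window:
            total -= recent.popleft()["amount"]
        if total > limit:
            alerts.append(m["mint_tx"])
    return alerts
```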

Asset withdrawal delay. Increasing the time it takes to withdraw tokens from a cross-chain bridge significantly decreases the risk of attacks on assets. Depending on the type of bridge, this time can range from a few minutes to days or even weeks.

However, this method has a small drawback: with a large withdrawal delay, it becomes extremely inconvenient for both the sender and the recipient. On the other hand, most blockchains allow you to fine-tune time settings.
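
A withdrawal delay with tunable settings can be modelled as a queue, shown here as an added example that is not from the original article: a request becomes executable only after its delay has passed, and it can be cancelled while it is still pending. The amount tiers, delay values and the cancel step are assumptions chosen for illustration; `now` is passed in explicitly so the behaviour is deterministic.

```python
# Constructed tiers: (largest amount covered, delay in seconds).
TIERS = [(1_000, 10 * 60), (100_000, 24 * 3600)]
MAX_DELAY = 7 * 24 * 3600  # applied to anything above the last tier

def delay_for(amount):
    """Small withdrawals wait minutes, large ones wait days."""
    for cap, delay in TIERS:
        if amount <= cap:
            return delay
    return MAX_DELAY

class WithdrawalQueue:
    def __init__(self):
        self.pending = {}   # request id -> (recipient, amount, release_at)
        self.next_id = 1

    def request(self, recipient, amount, now):
        wid = self.next_id
        self.next_id += 1
        self.pending[wid] = (recipient, amount, now + delay_for(amount))
        return wid

    def cancel(self, wid):
        """Used when monitoring flags the request during the delay window."""
        return self.pending.pop(wid, None) is not None

    def execute(self, wid, now):
        """Release funds only for a known request whose delay has elapsed."""
        if wid not in self.pending:
            raise KeyError("unknown, cancelled or already executed request")
        recipient, amount, release_at = self.pending[wid]
        if now < release_at:
            raise PermissionError("still inside the delay window")
        del self.pending[wid]
        return recipient, amount
```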

Audits. Do not neglect the services of external auditors. Regardless of your team’s professionalism, third-party experts can highlight problems you did not notice.

Insurance. None of the abovementioned methods can give you a 100% protection guarantee. Cross-chain bridges and blockchain ecosystems are rapidly evolving and are always at risk of attacks from outside. Therefore, it makes sense to organize an insurance fund to help cope with the consequences of the possible exploit.


What is cross-chain bridging?

It is a special computer program that allows you to send or receive funds between different blockchains.

What is a bridge hack?

It is a situation when an attacker deliberately disrupts the normal functioning of a bridge connection to steal valuable assets.

What are cross-chain protocols?

These are special computer algorithms that link heterogeneous blockchain networks and allow them to exchange data.