On March 23, the Ronin blockchain network underlying the popular NFT-driven game Axie Infinity was hit by a hack in which the attackers walked away with a dazzling $625 million worth of cryptocurrency.
The Ronin hack was the largest amount of money ever stolen from the type of service called a “bridge,” which connects one blockchain to another so value can be sent between them. Unfortunately, it was far from the only hack that made a bridge: Less than two months earlier, another bridge platform called Wormhole was exploited for nearly $325 million, and about six months before that, more than $600 million was stolen from another cross-chain bridge called poly. (In a surprising twist, the hacker later returned Poly’s stolen money.)
In short, bridges are the weak point in many cryptocurrency systems and hackers are targeting them over $1 billion in just over a year† So it’s worth explaining exactly what they are, why they’re important, and how crypto firms can try to close the billion-dollar hole in their pockets.
If you don’t have time to read on, the short answer to the first part is “yes, they are fragile, but maybe less over time.” For the second part, the story is more complicated.
(We assume you already know what a blockchain is; if not, you can start here.)
So what is a “blockchain bridge”?
Essentially, it is a system for connecting different blockchains together, allowing users to exchange one kind of coin or token for another. Each cryptocurrency runs on its own blockchain: there are Bitcoin, Ethereum and newer currencies like Tether, Ripple, Solana, and so on. There is no easy way for these different blockchains to communicate with each other – they can all use the concept of “addresses” to send and receive currency transactions, but you cannot send ETH directly to a Solana address.
A blockchain bridge is what developers have built to make that crossover a little smoother. If you’re holding ETH and you need Solana’s SOL to sign up for a game, you can send your ETH to a bridge, get SOL back and use the same method to convert back when you’re done playing.
Why are bridges particularly vulnerable to hacks?
The short answer is that they handle a lot of complex requests and have a lot of currency – and unlike the blockchains themselves, there is no standard for how to keep everything safe.
Imagine a blockchain bridge as a real bridge between two islands. Each island has different rules about the type of car you can drive (maybe there is an EV island and a regular gas island), so they don’t let you drive directly from one side to the other. You basically drive to one side of the bridge, leave your vehicle in a parking garage, walk over and pick up a rental car on the other side. When you’re done driving around the other island, return your rental car to the bridge, walk across and they’ll hand you the keys to your car.
That means that for every rental car that drives across the island, there is another car in the garage. Some are stored for hours, other days, other months, but they’re all just sitting there, and the company that manages the bridge has to keep them all safe. Meanwhile, other unscrupulous people know exactly how many cars are in the garage and look for ways to steal them.
Functionally, this means that bridges receive incoming transactions in one type of cryptocurrency, lock it as a deposit, and release an equivalent amount of cryptocurrency on another blockchain. When bridges are hacked, the attacker can withdraw money from one side of the bridge without putting anything in the other side.
Bridges are particularly tempting targets because of all the complex code, which leaves a lot of scope for exploitable bugs. As CertiK founder Ronghui Gu explains, “If you try to build a bridge between N different cryptocurrencies, their complexity is N squared,” meaning there are N more chances for bugs to creep in.
Crucially, these different cryptocurrencies are not just different monetary units: they are written in different programming languages and deployed in different virtual environments. Figuring out how these things should interact is very difficult, especially for on-chain bridges converting between multiple different currencies.
Have bridges made cryptocurrency less secure in general?
Probably not. Attackers are now targeting bridges because they are the weakest point in the system – but that’s partly because the industry has done a good job securing the rest of them. Kim Grauer, Research Director at Chainalysis – a company that investigated DeFi thefts — told The edge that bridge hacks are taking the place of the previous generation of malicious hacks against exchanges like Coincheck, BitMart or Mt Gox.
“If you looked at our ecosystem a few years ago, centralized exchanges were the main target of hacks. Every hack it was, ‘centralized exchange is going backwards,’ and the industry has worked hard to find solutions that would help us overcome these hacking problems,” she says. “We see a lot of DeFi hacking, but I think the pace of it is slowing down. The speed at which this hacking is happening certainly cannot continue to grow for the industry.”
Isn’t the whole point of the blockchain to prevent these kinds of attacks?
The problem is that many bridges are not on the blockchain at all. The Ronin Bridge is set up to operate “off-chain”, running as a system that interfaces with the blockchain but exists on servers that are not part of it. These systems are fast, flexible, and relatively lightweight — reducing some of the “N-squared” complexity challenges — but they can be hit by the same type of hacks affecting web services all over the internet. (“This isn’t really blockchain,” says Gu. “These are ‘Web2’ servers.”)
Without the blockchain to handle transactions, the Ronin Bridge relied on nine validator nodes, which were compromised by a combination of code hacks and unspecified social engineering†
There are other bridge systems that work like smart contracts – basically the “on-chain” alternative. An attacker is less likely to undermine the code of an on-chain system through social engineering, and it is extremely unlikely to gain majority control over the network. The downside is that the smart contracts themselves are very complex, and if there are bugs, it can be difficult to update the system in a timely manner. (Wormhole used an on-chain system, and the big theft happened after hackers discovered security updates uploaded to GitHub but not implemented in the live smart contract.)
How do we prevent bridges from being hacked?
It is difficult. The answer that came up time and again was ‘code auditing’. In the type of case described above, where a project’s development team may be working across different programming languages and computing environments, bringing in outside expertise can cover blind spots that internal talent might lack. But right now, a surprisingly large number of projects have no accountant listed.
Nick Selby, director of assurance practice at specialist security audit firm Trail of Bits, said this is partly due to the market’s meteoric rise. Most companies are under tremendous pressure to grow, scale and build new features to fend off competitors – which can sometimes come at the cost of diligent security work.
“We’re in it, I wouldn’t necessarily call it a bubble, but it’s definitely a gold rush,” Selby says. “I think executives trying to innovate in space will often look at the desired outcome of the position and say, ‘Well, this [product] does have the features I want. That’s why it’s good.’ And there’s a lot of things that they don’t look at, so they don’t see them, and that’s where the code audit comes in.”