Are crypto bridges safe?

In March 2022, hackers stole over $625 million in cryptocurrencies from the Ronin Bridge protocol, making it one of the largest crypto heists ever. In June, Harmony One's Horizon Bridge suffered a loss of more than $100 million in a similar attack. By August, an additional $200 million was taken from the Nomad Bridge due to a vulnerability in its smart contracts. Chainalysis estimates that over $2 billion in digital assets were stolen from blockchain bridges in 2022, representing about 69% of all stolen crypto funds that year.

This article explains why bridges are hacked so frequently and how to protect your funds when swapping across different blockchains.

What are blockchain bridges?

Blockchain bridges, also called network or cross-chain bridges, address the challenge of interoperability between different blockchains. They have become essential because, in their current state, blockchains function in isolation and cannot interact with each other.

For example, Bitcoin (BTC) cannot be used on the Ethereum blockchain, and ether (ETH) cannot be used on the Bitcoin network. If a user, Billy, holds BTC but needs to pay another user, Ethel, who only accepts ETH, Billy faces a problem. He can't send BTC directly to Ethel. He could exchange BTC for ETH or buy ETH separately, but BTC cannot be transferred to the Ethereum network directly. This limitation contrasts with the ease of fiat currencies or credit cards, which work across multiple systems. Blockchain bridges solve this problem.

Though designed differently, most blockchain bridges work by locking a certain amount of assets on one blockchain. In return, the bridge credits or mints an equivalent amount on another blockchain. These newly minted assets are called "wrapped" tokens. For instance, if users lock ETH on one blockchain, they receive "wrapped" ether (wETH) on another. This allows Billy to use a bridge to send wrapped bitcoin (wBTC), which operates on the Ethereum blockchain, to Ethel without the usual hassle.
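
The lock-and-mint flow above can be sketched as a small Python model. This is an added example, not code from any real bridge: the class, method names and amounts are constructed, and both chains are collapsed into one object so the 1:1 backing rule can be checked directly.

```python
from dataclasses import dataclass, field


@dataclass
class LockMintBridge:
    """Toy model: assets locked on the source chain back wrapped tokens 1:1."""
    locked: int = 0                                # source-chain units held by the bridge
    wrapped: dict = field(default_factory=dict)    # wrapped balances on the destination chain
    seen_deposits: set = field(default_factory=set)

    def lock_and_mint(self, deposit_id, user, amount):
        if amount <= 0:
            raise ValueError("amount must be positive")
        # Each deposit may mint exactly once, otherwise supply outgrows collateral.
        if deposit_id in self.seen_deposits:
            raise ValueError("deposit already processed")
        self.seen_deposits.add(deposit_id)
        self.locked += amount
        self.wrapped[user] = self.wrapped.get(user, 0) + amount

    def transfer(self, sender, recipient, amount):
        if amount <= 0 or self.wrapped.get(sender, 0) < amount:
            raise ValueError("insufficient wrapped balance")
        self.wrapped[sender] -= amount
        self.wrapped[recipient] = self.wrapped.get(recipient, 0) + amount

    def burn_and_release(self, user, amount):
        # Wrapped tokens are destroyed before the locked asset is released.
        if amount <= 0 or self.wrapped.get(user, 0) < amount:
            raise ValueError("insufficient wrapped balance")
        self.wrapped[user] -= amount
        self.locked -= amount
        return amount

    def backing_gap(self):
        """Wrapped supply minus locked collateral; any non-zero value breaks 1:1 backing."""
        return sum(self.wrapped.values()) - self.locked


def demo():
    # Constructed scenario: Billy bridges 100 units and pays Ethel 40 in wrapped form.
    bridge = LockMintBridge()
    bridge.lock_and_mint("dep-1", "billy", 100)
    bridge.transfer("billy", "ethel", 40)
    released = bridge.burn_and_release("ethel", 40)
    return bridge.locked, bridge.wrapped, released, bridge.backing_gap()


if __name__ == "__main__":
    print(demo())
```

A monitor that compares wrapped supply with locked collateral, as `backing_gap` does here, is one way to notice that tokens were minted without a matching deposit.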

Trust-based vs. trustless blockchain bridges

From a security perspective, blockchain bridges fall into two categories: trusted (or custodial) and trustless (noncustodial). Trusted bridges rely on third parties to validate transactions and act as custodians of the bridged assets. For example, a single company holds all wrapped Bitcoin in custody. This creates a single point of failure—if the custodian faces corruption, bankruptcy, or other issues, the assets in their control are at risk.

A clear example is the Ronin Bridge, which relied on nine validators, four of which were controlled by the Sky Mavis team. To maintain security, the bridge required a majority (five or more) of these validator nodes to approve any deposit or withdrawal. However, attackers compromised all four of Sky Mavis’ nodes and needed only one more to gain full control. With this access, they were able to execute a “verified” withdrawal and steal $625 million.
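
The concentration problem in that validator set can be measured before deployment. The following added example (not Ronin's own code) counts how many distinct operators would have to be compromised to reach the signing threshold; the page only states that four of the nine validators were controlled by Sky Mavis, so the five separate operators for the remaining validators, and all validator names, are assumptions.

```python
from collections import Counter


def quorum_exposure(validator_operators, threshold):
    """Report how few distinct operators together control `threshold` validators."""
    if not 0 < threshold <= len(validator_operators):
        raise ValueError("threshold must be between 1 and the validator count")
    # Rank operators by how many validators each one runs, largest first.
    ranked = Counter(validator_operators.values()).most_common()
    signatures, operators_needed = 0, 0
    for _, count in ranked:
        signatures += count
        operators_needed += 1
        if signatures >= threshold:
            break
    top_operator, top_count = ranked[0]
    return {
        "operators_needed": operators_needed,
        "largest_operator": top_operator,
        "largest_operator_validators": top_count,
        # Signatures still missing if only the largest operator is compromised.
        "signatures_short_after_largest": max(threshold - top_count, 0),
    }


# Constructed layout matching the figures in the text: 9 validators, 4 under one team.
RONIN_LIKE = {f"validator-{i}": "Sky Mavis" for i in range(1, 5)}
RONIN_LIKE.update({f"validator-{i}": f"operator-{i}" for i in range(5, 10)})

# Constructed comparison: the same 5-of-9 rule with nine independent operators.
INDEPENDENT = {f"validator-{i}": f"operator-{i}" for i in range(1, 10)}

if __name__ == "__main__":
    print(quorum_exposure(RONIN_LIKE, 5))
    print(quorum_exposure(INDEPENDENT, 5))
```

With the same 5-of-9 rule, the concentrated layout depends on two operators staying secure, while the independent layout depends on five.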

On the other hand, trustless bridges rely entirely on smart contracts and algorithms to manage assets without intermediaries. However, their security depends on the integrity of the underlying code.

For example, Wormhole, a blockchain bridge facilitating transactions between Solana and Ethereum, was exploited in February 2022 due to a bug in its smart contract. This vulnerability allowed attackers to bypass its verification process, leading to a hack worth over $326 million.

Are blockchain bridges safe?

Both trusted and trustless blockchain bridges come with inherent risks. Trusted bridges face the fundamental issue of centralization, where control by a single entity creates a potential point of failure. On the other hand, trustless bridges are vulnerable to flaws in their smart contracts. If a bug exists in the code, malicious actors are likely to exploit it. Unfortunately, there is no perfect solution yet—both types of bridges have design flaws that can compromise security.

Hackers are becoming more sophisticated as the value of cryptocurrencies and the number of users grow. Traditional cyberattacks like phishing and social engineering have evolved to target both centralized and decentralized platforms in the Web3 space.

A critical step in improving security is conducting thorough source code audits before deploying bridges. This needs to be a detailed, ground-up inspection to catch potential vulnerabilities since even one bad line of code can open the door to hackers.

In the meantime, users must exercise caution when interacting with bridges. Doing due diligence by reviewing documentation, inspecting the code, and evaluating the system’s maturity is essential to safeguarding crypto assets. For their part, developers are working to address the current limitations of blockchain bridges.

Benefits of performing cross-chain swaps through LetsExchange Bridge functionality

Performing cross-chain swaps through LetsExchange offers enhanced security and efficiency. The platform pulls liquidity from multiple liquidity providers for each swap and doesn’t send users’ funds to a bridge, so it doesn’t have to rely on bridges for safety. Over 200 blockchains are supported, and users can benefit from the Bridge functionality.