Be wary of crypto/blockchain bridges!

[Darker45]

There has been a growing pattern of falling bridges. It should bother everybody when that infrastructure that is supposed to connect, to move them across points, to move funds from one network to another, becomes the point of failure itself.

We've just crossed mid-year and there are already a total of at least 7 hacks of blockchain bridges with at least $1.4 billion in damage. So much traffic, so much money involved, but so little security.

• January 18, 2022: Multichain- $3 million stolen.
• January 27, 2022: Qubit- $80 million stolen.
• February 2, 2022: Wormhole- $320 million stolen.
• February 5, 2022: Meter- $4.4 million stolen.
• March 29, 2022: Ronin- $615 million stolen.
• June 23, 2022: Harmony Horizon- $100 million stolen.
• August 1, 2022: Nomad- $200 million stolen.

You know the drill! Avoid them!

1. https://www.cnbc.com/2022/08/10/hackers-have-stolen-1point4-billion-this-year-using-crypto-bridges.html?
2. https://www.reuters.com/business/future-of-money/cryptoverse-blockchain-bridges-fall-into-troubled-waters-2022-08-09/
3. https://www.coindesk.com/tech/2022/08/02/nomad-bridge-drained-of-nearly-200-million-in-exploit/
4. https://www.protocol.com/fintech/crypto-bridge-wormhole-hack

[1714166326]

1714166326

[2stout]

The more components, movable parts involved, the likelihood of failure increases.  One of main reasons why the OGs stay away from this and how also the resolve of the Maximalists get even stronger over the years.

[tranthidung]

Some drawbacks of crypto bridges

• They are not safe. Lot of hacks recent months
• Bridging fee is high and expensive
• Sometimes, you will have to wait a little bit long for the completion of your bridge

My personal choice, I don't use bridge if I can choose a wanted chain for my withdrawal from exchanges. It is safer because I don't have to take risk on my own by using bridges and I mostly have cheaper fee from withdrawal than bridging fee.

[Vvang]

Sigh! This is bad news, how the hell is multi-chain going to survive? Because this is what can bring all projects together as one, this must be perfected one way or the other or else it will be bad, the idea of the multi-chain makes a lot of sense.

[Phu Juck]

• January 18, 2022: Multichain- $3 million stolen.
• January 27, 2022: Qubit- $80 million stolen.
• February 2, 2022: Wormhole- $320 million stolen.
• February 5, 2022: Meter- $4.4 million stolen.
• March 29, 2022: Ronin- $615 million stolen.
• June 23, 2022: Harmony Horizon- $100 million stolen.
• August 1, 2022: Nomad- $200 million stolen.

It is a very shocking list and we can only guess why so much money was hacked but Crypto / Blockchain Bridges are still new, so it isn't as proven as it should be to be used for funds. Hackers can find flawly coded bridges and exploit it for sinistre hacks.

Coders should be very careful when releasing such bridges because if it's insecure code, people can lose many coins and tokens on such bridges.
We should know about bridges and avoid it, whenever possible because bridges will take a long time until hacks can be prevented more reliable.

Instead of boating accidents, it is bridging accidents now.

But I have never used bridge because of high fee.

[Alisha-k]

If there isn't enough security to back up a blockchain then it is not worthy to broadcast the project in the first instance because as long as investors are trooping in attacks must always be a normalcy. The reason why projects should rather give  more on cybersecurity both for the interest of their community and the interest of their investors. Because the crypto space is a virtual world and as more and more start believe in the blockchain spaces bridges could be a discouragement

[mk4]

Lol you haven't seen nothing yet. Thorchain has been exploited 3 times. Basically weeks and days apart. Never seen quite like it.

https://cryptosec.info/defi-hacks/ | CTRL+F Thorchain

[Beparanf]

Sigh! This is bad news, how the hell is multi-chain going to survive? Because this is what can bring all projects together as one, this must be perfected one way or the other or else it will be bad, the idea of the multi-chain makes a lot of sense.

There’s still a lot of trusted old crypto bridge that’s not experiencing exploit until now so I’m sure multi chain will survived. People just need to stay away mediocre bridge because they are the one bringing bad name on blockchain bridge. Most of the bridge involves usually from Ethereum and BSC bridge which I don’t know if there’s really an exploit or an inside job to siphon all the liquidity on the bridge without a trace from the devs. This kind of multiple hack events on bridge is pretty shady for me.

[cryptoaddictchie]

There are some really overlook how the security of their bridge set up. Its not bad to have a bridge but projects should always and prioritize security to the highest level.  Cause lying down money on bridges are probably huge and must be protected.  Its sad that $1.4b falls on the hand of exploiters alone.  I wonder if the suspects are the same on all those incident.  If yes,  then he must be really an asshole for taking up people's money just like that.

[NeuroticFish]

People just need to stay away mediocre bridge because they are the one bringing bad name on blockchain bridge.

People rush to implement this or that, and obviously release it in production in order to earn money.
The fact it's in production doesn't mean it's safe. In most cases it's far from even properly tested (and not only for security).
One of the best tests is the test of time. Because these honeypots do attract hackers, no matter what, and they are a test.

But do people/users want to wait? No! They jump in! I don't expect them read the code, but some cautiousness would be nice.

I wonder if the suspects are the same on all those incident.  If yes,  then he must be really an asshole for taking up people's money just like that.

I wouldn't go that far, but I would also not rule out this possibility. One example can be N.Korea's state hackers, for which all of us are enemies.
And even if it's not them, do you really expect the hackers be nice people who care about their victims?! Then they would notify the team, not steal people's money!

[crwth]

It's like making yourself more vulnerable because you are exposed to more variables with everything. It's like making your problem even more complicated when you can just do something simple in order to make transactions. It's nice to see more applications and solutions to problems that are there but it's also even more reliable to have something that is built to last and less complicated. With those bridges, exploitation is really bound to happen and it did.

[Lucius]

I would like to ask myself how many of these cases are actually real hacking, and how many of these cases are essentially fake hacking in the sense that the funds were stolen by those who are actually behind the project, and then they blame it on hackers from some enemy country? I just want to say that not everything is as it seems and that countries like Iran or North Korea should not always be blamed for every hacking, which has already become a common practice.

And even if it's not them, do you really expect the hackers be nice people who care about their victims?! Then they would notify the team, not steal people's money!

There are also good hackers who hack to point out flaws and then get rewarded for that, but most of them are unscrupulous and will steal anything they get the chance for - regardless of whether it's a small crypto investor or someone with millions of dollars in their account.

[cryptoaddictchie]

I wouldn't go that far, but I would also not rule out this possibility. One example can be N.Korea's state hackers, for which all of us are enemies.
And even if it's not them, do you really expect the hackers be nice people who care about their victims?! Then they would notify the team, not steal people's money!

Some hackers are indeed doing that for the sake of finding loopholes on security. There are some cases,  such as some funds or corresponding money have been returned to the project in exchange of bounty.  Like on Optimism and nomad.  Not sure to others,  maybe it depends on the hacker's goal.

But I believe some didnt only doing that for money cause if its then they are reallt brutal people.

[cheezcarls]

I have some experience using bridges like Ronin and SWFT Blockchain to be able to swap my coin to the other blockchain. Yeah we just have to be careful nowadays as these bridges are vulnerable to exploits, etc., due to lack of security measures.

The thing is that even if the security measures are in place, the hackers are just one step ahead. Just like us, these hackers also learned from their failures and kept improving their skills and abilities just to make their attempt successful.

[VRExpress]

Bridge tokens are dangerous, cant deny that fact but one will work out some day, if all these aren't failing right now how will we even know which is safer and which is weaker? Failure brings solution.

[hatshepsut93]

The golden rule of Bitcoin is that if you don't hold it in your wallet, then it's at risk of getting stolen. Even if these bridges, DeFi, smart contracts and so on claim to be decentralized, it stills means that you're not storing bitcoins the way it was intended, so you are not getting the security promised by Bitcoin.

[sunsilk]

Those are just the few and that's why if you want your funds to be safe. You don't have to be an explorer with all of those projects and bridges. I've used a few of those bridges and people that are storing their funds there are at a risk from the same projects that offers returns.

The golden rule of Bitcoin is that if you don't hold it in your wallet, then it's at risk of getting stolen. Even if these bridges, DeFi, smart contracts and so on claim to be decentralized, it stills means that you're not storing bitcoins the way it was intended, so you are not getting the security promised by Bitcoin.

True. They're making things complicated, they can just simply buy bitcoin and hold it and put it on a non-custodial as these bridges have that risk just as what we've seen with these hacks.

These might look normal as we always see the hacks but we can say that their security breaches were no longer normal with huge amount of money being involved. Although they try to do better but, if some hacks happened, the trust decreases.

[Note3]

Bridge tokens are dangerous, cant deny that fact but one will work out some day, if all these aren't failing right now how will we even know which is safer and which is weaker? Failure brings solution.

And that is a high cost if just want to get a solution, and prove that developers are stupier than hackers, why not immediately hire or give bug bounties if want find a loophole in the network

[Taskford]

There has been a growing pattern of falling bridges. It should bother everybody when that infrastructure that is supposed to connect, to move them across points, to move funds from one network to another, becomes the point of failure itself.

We've just crossed mid-year and there are already a total of at least 7 hacks of blockchain bridges with at least $1.4 billion in damage. So much traffic, so much money involved, but so little security.

• January 18, 2022: Multichain- $3 million stolen.
• January 27, 2022: Qubit- $80 million stolen.
• February 2, 2022: Wormhole- $320 million stolen.
• February 5, 2022: Meter- $4.4 million stolen.
• March 29, 2022: Ronin- $615 million stolen.
• June 23, 2022: Harmony Horizon- $100 million stolen.
• August 1, 2022: Nomad- $200 million stolen.

You know the drill! Avoid them!

1. https://www.cnbc.com/2022/08/10/hackers-have-stolen-1point4-billion-this-year-using-crypto-bridges.html?
2. https://www.reuters.com/business/future-of-money/cryptoverse-blockchain-bridges-fall-into-troubled-waters-2022-08-09/
3. https://www.coindesk.com/tech/2022/08/02/nomad-bridge-drained-of-nearly-200-million-in-exploit/
4. https://www.protocol.com/fintech/crypto-bridge-wormhole-hack

Been discourage to use bridge because fees is not good as it takes a lot from our stash. Also the number of hacking what you mention is quite alerting since this means that our balances is not safe so I guess we need to avoid since I'm sure maybe we can see more of it in future.

For the number of successful attempts provably we can see more because other hackers will get motivated to do it since there are groups who's successful to exploit millions of dollars on those platforms.

[aysg76]

The Ronin network hack was one of the biggest but see people loose their so much amount and hackers enjoy the privilege of those funds but I can't understand how could you don't notice that there are funds stolen over your platform for a whole week and it only came under surveillance when users were unable to withdraw funds

The DeFi is becoming the most scammed things on crypto and with KYC implementation in them the base is eroded so you must avoid them at any cost.

I would like to ask myself how many of these cases are actually real hacking, and how many of these cases are essentially fake hacking in the sense that the funds were stolen by those who are actually behind the project, and then they blame it on hackers from some enemy country? I just want to say that not everything is as it seems and that countries like Iran or North Korea should not always be blamed for every hacking, which has already become a common practice.

We can assume that in some cases the founders are involved in these hacking cases because as we have seen that they have security team whose responsibility is to find out any hack or something like that but how could it went unnoticed for so many days when it's worth million of dollars and then you have the address but you know nothing can happen with it because you can't block their funds as they are not over any CEX exchange and people loose their money so they need to avoid them at most.

And even if it's not them, do you really expect the hackers be nice people who care about their victims?! Then they would notify the team, not steal people's money!

Hackers only want to drain the funds out of these platforms without even thinking of anyone and transfer it to their own wallets.But sometimes they open up about such hacks to notify them that there were bugs of which they took the advantage in order to mock them as have seen in many cases and show they have hacked the amounts.

There are also good hackers who hack to point out flaws and then get rewarded for that, but most of them are unscrupulous and will steal anything they get the chance for - regardless of whether it's a small crypto investor or someone with millions of dollars in their account.

There are sometimes some bug bounty associated with these platforms under which they inform the platform of how security breaches could happen or sometimes we have seen hackers returning funds also to the platform after big hacks also.But as you say they would drain the last sats in your wallet also if they got access to your wallet and in these platforms they only need to find one bug and all users fund are under their control so it's easy for them.