We need to chat about the dangers of Crypto Bridges. According to figures from blockchain analytics firm Chainalysis, a total of around $1.4 billion has been lost to breaches of crypto bridges since the start of this year alone! The biggest single event was the $615 million stolen from Ronin, a bridge supporting the popular nonfungible token game Axie Infinity, which lets users earn money as they play. There was also the $320 million attack on Wormhole, a crypto bridge backed by Wall Street high-frequency trading firm Jump Trading. In June, Harmony’s Horizon bridge suffered a $100 million attack. And just a few weeks ago, almost $200 million was seized by hackers in a breach targeting blockchain bridge Nomad.
At Coinstop, we are all about educating the masses on how to keep your crypto secure. With the rise of these crypto bridge hacks, we think it’s time we chat about why using this function for an extended period of time is not the safest option for your cryptocurrency.
BUT FIRST, WHAT ARE CRYPTO BRIDGES?
To understand what a crypto bridge is, it’s important to first note that each blockchain network, such as Bitcoin or Ethereum, relies on different consensus protocols, programming languages, and system rules.
Crypto bridges work to connect each economically and technologically separate blockchain network in order to enable the fast swaps of tokens. For example, if you own bitcoin but want to participate in DeFi activity on the Ethereum network, a blockchain bridge allows you to do this without first having to sell your Bitcoin. This would incur transaction fees and expose you to price volatility.
When swapping a token from one chain onto another an investor deposits the tokens into a smart contract, a piece of code on the blockchain that enables agreements to execute automatically without human intervention. That crypto then gets “minted” on a new blockchain in the form of a so-called wrapped token, which represents a claim on the original coins. The token can then be traded on the new network.
But in using crypto bridges, investors bypass a centralised exchange, using a system that’s largely unprotected.
THE RISKS OF CRYPTO BRIDGES
Centralisation - centralised bridges rely on a third party to manage the minting and burning of tokens. Users must place their trust in this third party to properly and safely operate the system. The centralised entity behind a custodial bridge could theoretically steal users’ funds. There’s also the problem of the third party losing their private keys, rendering funds irrecoverable.
Technical Vulnerability - many crypto bridges rely on the soundness of smart contract code, not the security of the blockchain. As such, bridges using poorly written or unautied smart contracts are vulnerable to malicious exploits, which presents an even bigger risk for users.
Enticing Targets for Hackers - The above points, coupled with the fact that these Crypto Bridges hold copious amounts of money, have made them enticing targets for hackers.
“They usually hold tremendous amounts of money. Those amounts of money, and how much traffic goes through bridges, are a very enticing point of attack.” said Adrian Hetman, tech lead at crypto security firm Immunefi.
HOW TO STAY SAFE
Just like with third-party exchanges, storing your coins on Crypto Bridges for an extended period of time will leave you at risk of losing it all. It’s for this reason that we highly recommend you transfer your coins to the safety of a cold storage hardware wallet after use.
Cold storage hardware wallets allow you to store your cryptocurrency offline. Your private keys are generated and stored on the hardware wallet which is then protected by a PIN and an optional passphrase. The keys are never exposed to the internet so they can’t be stolen or copied. That’s why it’s known as cold storage.
While it may require you to put in a little extra effort to secure your crypto, it’s well worth it! Here at Coinstop, we remain committed to providing you with the latest in crypto security, so you can ensure your assets are safe. To visit our store, head here.