September 2022 – Bridge Attacks

From the conception of Bitcoin in 2009 to the multi-chain environment we observe today, the crypto space has come a long way, and as the industry developed, so did the spectrum of means to exploit it. Every so often, the industry has suffered from major attacks draining the ecosystem of millions of dollars, and in recent times, the primary victims of these hacks have been blockchain bridges.

What are Blockchain Bridges, and why are they important?

The key to enabling interoperability, bridge protocols facilitate the transfer of assets and information across multiple blockchain networks. Blockchains are naturally isolated networks with unique native coins, governance, and consensus mechanisms making cross-chain communication difficult. This is where bridges come in to induce compatibility. Several established networks in the space have distinct features and variable degrees of security, decentralization, transaction speed, and fees. Users predominantly working with one chain may want to move their assets to another desirable network per their requirements. Bridge protocols make this happen.  

For example, Bob has some $ETH on the Ethereum mainnet and wants to transfer it to his friend but is weary of the network’s high transaction costs. He notices that the L2 solution Polygon offers much better transaction throughput at a minimal cost. Through a bridge protocol, Bod can securely move his $ETH on the mainnet to $wETH or Wrapped $ETH on Polygon. A wrapped token is essentially a cryptocurrency pegged to a native coin that can be used on an external network. 

Bridge-based interoperability will augment the transition to Web3, empowering the ecosystem in various ways:

Further decentralization of the ecosystem 

While complete decentralization within individual blockchain networks is a primary concern for several blockchain projects, the capacity to establish network interoperability across various blockchains represents an even more advanced realization of the promise of blockchain technology to decentralize systems and economies where thousands of application-specific Layer 1 solutions are interconnected through a decentralized network.

Scalability and cheaper transactions

Scalability is another significant issue that blockchain bridges may aid in resolving. Different networks will need to serve more significant transaction volumes and offer faster processing as blockchain gains prominence. Bridges may be utilized to provide scalability solutions where the transactional demand is dispersed throughout chain connections thanks to their capacity to enable cross-chain transfers. Additionally, users may move their assets from a network like Ethereum to a platform with minimal fees through bridges.

Increasing cryptocurrency payments and acceptance

Interoperability issues significantly hampered the adoption of cryptocurrencies as a means of payment. Several establishments only took Bitcoin as payment in the form of cryptocurrencies, but the blockchain bridge enables immediate payments at the point of purchase.

Specialized Web3 services

 Blockchain protocols’ flexibility to combine and match different pieces of fragmented infrastructure is the key to creating wholly new Web3 instruments and platforms. Many experts contend that interoperable smart contracts could revolutionize sectors like healthcare, law, or real estate, for example, by making it possible for crucial business data to be transferred between private networks and public networks in a customizable and malleable fashion. Interoperability across blockchains may potentially allow for multi-token transactions and multi-token wallet systems, which would considerably simplify the cryptocurrency user experience.

Types of bridges

Bridges can be classified based on various criteria:

Classification based on function

Chain-To-Chain Bridges: These bridges are primarily made to facilitate the transfer of assets between two specific blockchains and often employ the lock and mint system. Examples: Polygon’s PoS Bridge and Binance bridge between BSC and ETH.

Multi-Chain Bridges: These bridges are capable of moving assets across different blockchains. They are designed to be deployed to any type of L1 or L2 blockchain solution. Connext and cBridge are a few examples.

Data-Specific Bridges: These are interoperability protocols that exclusively transmit arbitrary data between various blockchains. These protocols often serve as the foundation for decentralized applications (dApps) and enable cross-chain composability. Examples include IBC, Data Movr, and Celer Inter-Chain Message Framework.

Classification based on chains bridged

L1 <> L1 Bridges: These bridges connect different Layer 1 solutions. For example, the Binance bridge and Avalanche bridge would be popular examples.

L1 <> L2 Bridges: Layer 1 solutions are connected to different Layer 2 solutions built upon them. For example, bridges that connect Ethereum Mainnet to Arbitrum or Optimism.

L2<>L2 Bridges: The youngest variant in the cross-chain infrastructure domain, these bridges connect different Layer 2 solutions. Example: Orbiter

Classification based on architecture

Trusted Bridges: These bridges rely on a centralized system or entity to function. They have trust presumptions on the handling of money and the Bridge’s security. Most users rely on the operator of the Bridge’s reputation. These bridges demand that users cede ownership of their crypto holdings.

Trustless Bridges: Algorithms and smart contracts are used to operate trustless bridges. They are trustless, meaning that the Bridge’s security and that of the underlying blockchain are identical. Trustless bridges provide customers the ability to maintain control over their money through smart contracts.

Classification based on asset transfer mechanisms

Pool–Based Bridges: Under such a mechanism, the bridge operator maintains pools of respective native tokens on either side of the Bridge. For example, a user intending to transfer USDT tokens from Ethereum to Solana must first deposit assets to the bridge contract (pool) on the Ethereum side. The user will provide the Solana address, and the bridge operator deposits Solana native USDT from the Bridge pool on the Solana side into the specified address. 

Lock & Mint / Burn & Redeem: The “locking” or “burning” followed by the minting or redeeming is another prevalent transfer mechanism. Employing the same example as before, the user again starts by depositing USDT in Ethereum to a bridge-owned contract address and entering the recipient address on Solana, completing the “locking” phase. Bridge then “mints” or issues its own or a “wrapped” version of the deposited asset on the Solana chain and deposits it in the recipient address. The value of these newly created tokens depends on the prospect of one day being able to exchange them for the underlying asset on the sender chain. The wrapped tokens are transmitted back to the sender chain and “burned” on the target chain when the user “redeems” the tokens on the origin chain.

Atomic Swaps: Assets on the source chain are exchanged for assets on the destination chain via atomic swaps. In general, they lack the trustworthiness of lock & mint or burn & mint procedures since they operate through self-executing smart contracts for asset exchanges and do not need a third party.

Why are bridges vulnerable?

For two fundamental reasons, cross-chain bridges are inherently insecure.

First off, bridges merely broaden the attack surface that would-be hackers might exploit by making the bitcoin ecosystem more complicated.

Second, due to the lack of a larger development community, many are constructed fundamentally differently from the blockchains they connect. As a result, the code is not as thoroughly examined for potential problems. 

Many have described bridges as sitting ducks for hackers. Bridges feature smart contracts on both the blockchains involved in the exchange so that users may trade tokens. Since smart contracts are public, anybody, even malicious parties, may examine them for flaws. Additionally, they are created to be unchangeable and impossible to alter. An updated smart contract must be used to address the problem. It may take time and resources to address this flaw, leaving the Bridge open to future money theft. Additionally, vast quantities of various currencies are required for bridges to trade tokens quickly between blockchains. Because of their enormous reserves, bridges are a popular target for hackers, and the rise in the number of assaults we have observed on bridges is a definite sign that they regard this as a lucrative opportunity.

Bridges also raise the total risk for the bitcoin ecosystem as a whole since they run the danger of transmitting vulnerability across the ecosystem.

Bridge Attacks

Bridge protocols are absolutely essential to actualize the Web3 future, but it is currently the weakest link in the industry infrastructure. With more than $2 billion worth of cryptocurrencies stolen across 13 hacks, bridge attacks are now responsible for 69% of stolen funds in 2022.

ChainSwap 

Then among the leading protocols in the interoperability infrastructure subdomain and backed by prominent venture funds such as Alameda Research and OKEx, Chainswap is a cross-chain asset bridge. On 10th July 2022, the protocol suffered a major attack as hackers exploited the vulnerabilities in Chainswap smart contracts. Back then, Chainswap primarily supported projects to launch Ethereum tokens on Binance Smart Chain (BSC). Highjacking projects’ contracts on BSC, the attackers minted tokens on the chain and proceeded to sell them on the network’s most popular DEX PancakeSwap for $wBNB, $BUSD, and other coins. The attackers also stole assets from Ethereum mainnet, which were staked in Chainswap’s contracts to sell them for $DAI

Around 20 projects, including Wilder Worlds, Antimatter, Option Room, Umbrella Network, Blank, Nord Finance, Razor Network, Peri, Unido, Oro, Vortex, Corra, ROCKS, Dafi, and Unifarm lost assets worth over $8 million. Over 14 tokens plunged 99% in the aftermath. The sale of vast amounts of minted tokens drained liquidity pools for many projects, further afflicting them. Moreover, this incident came after an earlier attack conducted on 2nd July 2021, in which the protocol lost around $800K. 

Multichain 

Multichain, formerly known as Anyswap, is one of the most notable names in the cross-chain space, with a TVL of over $1.7 billion. On 17th January 2022, the Multi-chain team declared that security firm Debaub discovered a critical vulnerability in the network and immediately asked users to revoke permissions for $wETH, $PERI, $OMT, $wBNB, $MATIC, and $AVAX on the protocol’s bridging router since they were on the verge of drained by hackers, but unfortunately, the exploit was already underway.

The attack resulted from a single function in the protocol’s contract named anySwapOutUnderlyingWithPermit. Multi-chain router allows users to swap between any two chains freely through an internal mechanism that wraps the actual token with its “anyToken”. For example, to conduct a transfer of $ETH from Ethereum mainnet to BSC, the protocol first wraps $ETH to create $anyETH. $ETH will serve as the underlying asset for the wrapped token, which Multichain also uses for internal accounting. During the transfer, wrapped tokens will be added to the Multi-chain anyETH BSC contract and burned on the anyETH Ethereum contract. The compromised function was created to facilitate this mechanism. Under a standard transaction, the function would have taken a wrapped anyToken address as input and unwrapped it to receive the address for the underlying asset, but in a particular exploit, when the contract deployed by the attacker was unwrapped, an address to a $wETH contract was obtained instead. Thus user’s $wETH authorized to Multichain’s contract were directly transferred to the attacker’s malicious contract token address. Furthermore, it was revealed that the function was never used before the attack and could have been deleted long before.

Security firm PeckShield reported that more than 450 $wETH, then worth around $1.3 million, were affected. In total, hackers made away with $3 million as Multichain and some individual victims began offering bounties to the attackers to recover whatever they could.

Qubit

Qubit is a DeFi platform that primarily provides money market services to connect lenders and borrowers efficiently, along with peripheral bridging services. In another attack on an Ethereum and BSC network bridge,  an attacker targeted the platform’s X-bridge protocol on 27th January 2022 to drain the Bridge of crypto assets valued at over $80 million around the incident. 

The attacker exploited the deposit function in Qubit’s bridge contract to dupe the protocol into thinking that $ETH had been deposited into the contract. Qubit offers a feature called X-collateral that enables users to collateralize their assets on other chains without moving assets. For example, users could deposit 1 $ETH in Qubit’s contract through the deposit function on the Ethereum mainnet to get 1 $xETH which will be minted on BSC. The newly minted token could now interact with the BSC ecosystem or could be used to borrow other tokens. The attacker called the deposit function with meticulously constructed input data to exploit particular vulnerabilities within the function code. The deposit function logic further invokes the QBridgeHandler contract, which conducts the data verification. The hacker provided a null address which is considered a whitelisted and an externally owned address (EOA), along with a sufficiently large ETH amount as inputs to successfully circumvent three statements within the QBridgeHandler contract meant to ensure the correctness of the inputs. One of the root causes of the exploit was the fact that a vital function within the deposit code, safeTransferFrom, failed to revert when a null address was provided. 

This enabled the hacker to mint 77,162 $xETH, then worth over $185 million, without actually depositing any $ETH. These tokens were used to borrow 15,688 $wETH ($37.6 million), 767 $BTC-B ($28.5 million), approximately $9.5 million in various stablecoins, and roughly $5 million in $CAKE, $BUNNY, and $MDX before swapping everything for 206,809 BNB coins. All valuations mentioned here were recorded as of the date the attack occurred. 

Wormhole

Wormhole is among the most significant communication protocols connecting Solana to the rest of the ecosystem, but unfortunately, that is not how many remember its name. In one of the largest hacks the industry has ever experienced, on 2nd February 2022, exploiting Portal, the token Bridge built on the Wormhole protocol, the attacker made away with assets valued at around $325 million at the time of the incident. 

Before the hack, a typical transfer between Ethereum and Solana through the Wormhole bridge went through the following process:

  • First, the completeTransfer function is called on the Ethereum Wormhole bridge contract. 
  • Then, the post_vaa function is called on the Solana side. post_vaa further calls the verify_signatures function.
  • The verify_signatures function is called to obtain a set of signatures from the 19 “Guardians” that sign off on all the transfers between Solana and other networks. But, this function delegates the actual validation to a Solana built-in system cryptographic utility program called the secp256k1_program.
  • The secp256k1_program further relies on a standard Solana function called load_instruction_at present within the sysvar::instructions, a system account. The function takes in a system program address as an input.

A slight digression. An account here can be considered a structure comprising certain variables used to store data and functions to process them. The Solana architecture is composed of such system accounts. The sysvar::instructions accounts specifically contain serialized transaction instructions. “Programs” or “Accounts” in Solana are essentially equivalent to smart contracts in Ethereum.

  • After the signatures are verified, the post_vaa function checks whether there are enough signatures to reach the consensus to post a Validator Action Approval (VAA), and only then signature_set is created and sent to the complete_wrapped function.
  • The transfer is finally authorized by the complete_wrapped function to mint $whETH (Wormhole $ETH) on Solana.

Trouble began when Solana depreciated the load_instruction_at and replaced it with load_transaction_at_checked since the old function did not verify whether the input was received from a trusted system account. Before the Wormhole could deploy the update, the vulnerability was exploited. The attacker created a program and conducted a valid transaction through it. The attacker-controlled program’s address was then given as an input to the load_instruction_at function and, using the VAA verification from the previous valid transaction; the attacker was able to mint 120,000 $wETH on Solana without any reciprocative deposit on the Ethereum side. 93,750 $ETH was bridged back to Ethereum through three transactions, while the remaining  $whETH were liquidated on Solana into $USDC and $SOL.

In the aftermath of the attacker, $SOL fell over 10% as the presence of a massive amount of unbacked $whETH was distressing for several Solana-based platforms. The parent of Wormhole, Jump Crypto, a subsidiary of the HFT firm Jump Trading, immediately stabilized the situation by restoring the entire stolen amount. The Wormhole team offered a bug bounty of $10 million to the attacker, the largest offer industry has ever seen. 

Meter

Just a few days after the massive Wormhole hack, 2022 witnessed its 4th major bridge attack, with the DeFi infrastructure platform Meter being the victim. Meter functions as a decentralized EVM-compatible side chain for Ethereum and other public chains and also provides interoperability solutions through Meter Passport, a multi-chain router protocol. Meter Passport is a fork of ChainSafe’s Chainbridge, but it introduced an additional function that served as the root cause of the exploit. 

In an attack quite similar to Qubit’s, hackers exploited the deposit function taking advantage of a wrong trust assumption. There are two deposit functions to be mindful of, one in the bridge contract and the other in the handler contract.

Consider the ideal flow for a transfer through the ChainBridge:

  1. The user invokes the deposit function in the bridge contract and states the specific token and the amount.
  2. Bridge further delegates the responsibility of conducting the transfer to the handler contract’s deposit function, asking it to lock or burn the specified amount of tokens depending on the mechanism.
  3. Handler contract calls transferFrom function on the token contract to complete the transfer.

To facilitate the transfer of native tokens ($ETH on Ethereum or $BNB on BSC), Meter used ChainSafe’s modular bridging infrastructure to introduce a new function depositEth in the bridge contract and modified the handler contract. Under the altered flow

  1. The user invokes the depositETH function in the bridge contract and specifies the native token and the amount to be transferred.
  2. The bridge contract wraps the native token (Ex. $ETH wrapped to create $wETH) and also asserts the value of the amount stated by the user before immediately transferring the assets to the handler contract.
  3. Under normal circumstances, assets would have been locked or burned, but the modified handler contract deposit function has a special clause. If the assets being bridged are wrapped tokens, it assumes that the Bridge has already completed the transfer to the handler contract and does not charge the user. This assumption holds true within this process.

Attackers exploited the Bridge through the original deposit function in the bridge contract and the modified function in the handler contract.

  1. The attacker invoked the deposit function in the bridge contract specifying wrapped tokens as the asset to be bridged along with an arbitrary amount. The original deposit function does not verify the value of the amount stated like depositETH did.
  2. The bridge contract calls the handler contract asking it to lock or burn the assets.
  3. Since the assets being bridged were wrapped tokens, the handler contract incorrectly assumed the Bridge had already completed the transfer.

The attacker illegally minted over $4.4 million in $BNB and $wETH, severely depleting the Bridge’s reserves, and moved the loot to Tornado Cash across multiple transactions. The exploit primarily affected the Moonriver ecosystem, a parachain based on Polkadot’s Kusama network, which was bridged to Ethereum and BSC through Meter. Following the incident, the attacker sold an extensive amount of $BNB coins on SushiSwap, a prominent DEX, causing the BNB price to crash 77% on Moonriver. Hundred Finance, a lending platform, suffered significant collateral damage in the process as several opportunists, taking advantage of the local $BNB price discrepancy, took on undercollateralized loans. Surprisingly two of the loans were repaid, but Hundred Finance still took a $3.3 million hit.

Ronin

The largest crypto hack ever, with assets then valued at over $600 million stolen, Ronin reaffirmed Crypto’s “bridge” problem to an unignorable degree. 

Sky Mavis, the developer behind the GameFi sensation Axie Infinity, launched the Ronin network to expedite transaction throughput needed to accommodate the P2E game’s massive user base. The network follows a Proof of Authority (PoA) consensus algorithm whether a limited number of designated validators stake their identity or reputation to approve transactions. PoA models generally deliver superior TPS statistics, albeit at the cost of decentralization and trustlessness. The Ronin network relied on nine validators where a consensus of 5 validators is required to approve a transaction.

On the day of the exploit, 23rd March 2022, private keys for four validators that were maintained by Sky Mavis were compromised, and the attackers obtained the signature for the fifth validator belonging to Axie DAO through a backdoor in Sky Mavis’s systems. In November 2021, Sky Mavis and Axie DAO jointly established a gas-free node to trim costs for users and mitigate the heavy transaction volume the network was processing. The agreement also allowed both parties to sign off transactions on each other’s behalf. This measure was only taken to alleviate the overburdened state of the network around the time and was discontinued after a month, but the access was never revoked. This enabled the attackers to reach the required number of validators to fraudulently approve two withdrawals from the bridge contract, one for 173,600 $ETH and another for 25.5M $USDC.

The hack went unnoticed for six days and was discovered only when a user couldn’t withdraw 5000 $ETH from the Bridge. The hackers even shorted the $AXS (Axie) token but the trades liquidated before the news broke out. As reports surfaced, Sky Mavis immediately moved to replace all the existing validators and upped the consensus requirement to eight validators. The Bridge was shut down in the aftermath of the attack and wasn’t reopened for three months. Binance blocked addresses that potentially belonged to the hackers and suspended all deposits and withdrawals on the network to support the investigation. The Ronin team conducted extensive forensic analysis and audits with Chainalysis, Certik, and Verichains. At the same time, several security firms tracked the attackers’ complex laundering operations, which involved multiple CEXs, including Houbi, FTX, and crypto.com. The stolen assets were also moved through Tornado Cash and Blender, mixing services used to mask the money trail by depositing assets in huge pools and withdrawing them back through a new address. As the community and concerned authorities dug into the largest crypto hack ever, several interesting details came to light. The U.S. Department of Treasury’s Office tied the infamous North Korean cybercrime syndicate, the Lazarus Group, to the attack and added an Ethereum wallet address to a sanctions list. The Block reported that the attackers got into Sky Mavis’s computers through a fake LinkedIn offer to a senior engineer. Sky Mavis raised $150 million in a funding round from Binance, a16z, Dialectic, Paradigm, and Accel to reimburse the victims. 

Harmony

In the second major bridge attack involving the theft of private keys, hackers stole assets then worth over $100 million across approximately 65,000 wallets from Harmony’s Horizon Bridge.

Harmony protocol is a layer-1 blockchain launched in 2019 with sharding and a unique Effective Proof-of-Stake (EPoS) consensus mechanism. The network is connected to the Ethereum Mainnet and BSC through the Horizon Bridge, Harmony’s proprietary cross-chain solution. Horizon’s transaction approval mechanism is based on a multi-signature (MultiSig) wallet, which, as the name implies, requires multiple private keys to be accessed. The Bridge has five validators, and on 24th June 2022, the attackers hijacked the requisite number of addresses/keys (one and two) to validate multiple transactions. 

Polygon’s Chief Information Security Officer, Mudit Gupta, opined that the compromised keys were most likely associated with hot wallets (wallets that are always connected to the internet) and the attackers assaulted the servers these wallets were running on to access the keys kept in plaintext (basically unencrypted). Surprisingly, Harmony’s incident report maintains that the keys were protected by a passphrase and a key management system which ensured that no single machine had access to multiple plaintext keys. Harmony also asserted that only the Ethereum side of the Bridge was jeopardized and upped the consensus requirement to 4-5 from 2-5. Assets in the form of $BUSB, $USDC, $ETH, and $wBTC tokens were stolen across nine transactions and were later swapped for $ETH. These swapped tokens were also laundered through Tornado Cash. Harmony announced a bounty of $1 million, which was later increased to $10 million but to no avail. To reimburse the victims, the network offered two options, both of which involved minting more native $ONE tokens over a three-year period, but the proposal received a significant amount of backlash from the community.

Nomad

In the most recent major bridge attack on 8th August 2022, Nomad, a cross-chain messaging protocol that connects Ethereum, Avalanche, Evmos, and Moonbeam blockchains, was robbed of almost all of its assets, valued at around $190 million at the time of the attack. The attack came just a few days after the protocol raised $22 million in a seed round from Coinbase Ventures, OpenSea, Polygon, and Crypto.com at a valuation of around $225 million.

Figure: An exploitative transaction

The attack on Nomad was enabled by an update to the protocol, which induced a critical error in the Replica smart contract’s message validation mechanism. The bridge architecture follows a two-stage procedure before a message can be approved. The first stage would involve the validation of the input data before processing it in the second stage. Like several other protocols, Nomad commits messages through an internal data structure called Merkle tree. After a message’s data has been included under a tree and its inclusion is proven by a Merkle proof, the root of the tree is stored in a mapping function within the Replica contract. Thus, the mapping function essentially connects a message’s hash to the tree’s root. For an unproven message, the default root address is 0x00. When a message is submitted to the process function within the Replica contract, it validates whether it belongs to a trusted root. Nomad initialized the value of trusted roots to 0x00 in an update, which is considered a common practice, but in this case, the root address coincided with the default value for an unproven one. Thus, the process function ascertained all messages as proven. Transactions where attackers sent 0.01 $wBTC to the Bridge on the Moonbeam network to receive 100 $wBTC on Ethereum were observed. Once an attacker initially conducted the exploit, thousands of looters joined in since all they had to do was re-broadcasting the transaction after replacing the attacker’s address with their own. According to Elliptic, the most prolific hacker netted just below $42 million across 202 self-deployed contracts.

In the aftermath of the attack, Nomad announced a public code review through an ImmuneFi bounty program. The bridge protocol also offered a bounty of up to 10% to retrieve user funds with the promise of white hat status and no legal action. Nomad’s funds recovery address has received over $36 million from 40 addresses so far.

Solutions

Rigorous Code Audit 

Blockchains are frequently connected through the use of cross-chain bridges that employ smart contracts. As a result, smart contract audits are a crucial step in the bridge security procedure. A private smart contract security audit might have stopped many of the worst breaches of cross-chain bridges by finding and fixing flaws before code is published into the blockchain. An extensive bounty program could also be conducted before mainstream release.

The code alone should not be the end of a bridge project’s security examination. Cross-chain bridges provide complicated ecosystems, and it is essential to consider how the contracts that have been placed on different platforms interact with one another. The expertise of all the impacted platforms, validation of the bridge project’s rationale, and evaluation of the risks the project confronts are necessary for an audit to be impactful. ‘

P2P Bridges 

Inter-chain trading would be more secure with P2P-based bridges. They do not rely on sophisticated smart contracts or centralized liquidity pools since they employ atomic swaps and order book mechanisms instead. Cross-chain P2P swaps can be completely decentralized and trustless since peer-to-peer technology eliminates intermediaries. It is a more secure method of transacting in a cross-chain environment since just one transaction enters and exits concurrently for each exchange. Swaps are referred to be “atomic” because, with each order, the deal either closes and the funds are exchanged between the two users, or the transaction fails, and the source funds are returned to the two users. Contracts with hash-time locking enable this (HTLCs). 

Conclusion

Blockchain technology has the potential to improve a variety of information systems. But, the basis for its widespread adoption lies squarely with the evolution of cross-chain technology, as currently, there isn’t a perfect solution to the bridging problem, only trade-offs for specific use cases. The future of the crypto ecosystem will be determined by the continual improvement of the existing promising technologies within the domain and the stringent evaluation of existing sensitive infrastructure.

Author: Madhav Bajaj

References

What Are Blockchain Bridges And How Can We Classify Them? | by Arjun Chand | LI.FI Blog
Bridges: Designs, Trade-offs, and Opportunities | by Amber Group | Amber Group | Medium
Explained: Why hackers keep exploiting cross-blockchain bridges

Chainswap
ChainSwap Exploited: Projects Using The Bridge Protocol Crashed 99%
ChainSwap Exploit Leads to Multi-Million Loss For DeFi Tokens – Decrypt
Important Update: ChainSwap Hack. Firstly, we want to thank the entire… | by Wilder World | Wilder World | Medium
ChainSwap hackers steal $8m and crash token prices
OptionRoom current post ChainSwap hack situation | by OptionRoom | Medium
ChainSwap Hack: Transparency Update #2 | by Nord Finance | Medium
An Important Message To The Community About The Chainswap Hack | by John Chen | Umbrella Network | Medium

Multi-chain
Multi-chain Users Lose $1.4M Due to Bridge Bug – Crypto Briefing
Multichain Hack Worsens as Loss of Funds Reaches $3M: Report
Without Permit: Multichain’s exploit explained | by Tal Be’ery | ZenGo | Medium
Explained: The Multi-chain Hack (January 2022)
Multi-chain under fire from users as hacking losses grow to $3M
Multichain Hack Incidence-Gate.io Blog | Get Better at Blockchain & Cryptocurrency Blog

Qubit
Explained: The Qubit Hack (January 2022)
Rekt – Qubit Finance – REKT
Qubit Bridge Collapse Exploited to the Tune of $80 Million | by CertiK | Medium
Qubit Finance suffers $80 million loss following hack
Hackers have stolen $80 million in cryptocurrency from the Qubit DeFi platform – The Verge
Qubit Finance Hack Post-Mortem: The Trail the Hacker Left Behind | by Lossless | Medium
DeFi Protocol Qubit Finance Loses $80M in Hack – Blockworks

Wormhole
Lessons from the Wormhole Exploit | by Alex Lupascu | Medium
Quick Analysis of the Wormhole attack – Kudelski Security Research
Rekt – Wormhole – REKT
Solana’s Wormhole Hack Post-Mortem Analysis | by Extropy.IO | Medium
Wormhole offers $10M to Ethereum thieves
Wormhole cryptocurrency platform hacked for $325 million after error on GitHub – The Verge
Wormhole restores stolen $326 million after major crypto bailout

Meter
Breaking Down the Meter Hack | ChainSafe
$4.3 Million Lost to Another Bridge Hack | by CertiK | Medium
Rekt – Meter – REKT
Knownsec Blockchain Lab | meter.io attack analysis | by Knownsec Blockchain Lab | Medium
Latest DeFi bridge exploit results in $4.4M losses for Meter

Ronin
Rekt – Ronin Network – REKT
Hack Track: Analysis of Ronin Network Exploit | Merkle Science
Explained: The Ronin Hack (March 2022)
Community Alert: Ronin Validators Compromised
The Biggest Ever Crypto Hack: What Happened in the Ronin Bridge Attack
The aftermath of Axie Infinity’s $650M Ronin Bridge hack
Axie Infinity Developer Sky Mavis to Reimburse Victims of Ronin Bridge Hack
Axie Infinity Ronin blockchain reportedly hacked with fake job offer – The Verge
How a fake job offer took down the world’s most popular crypto game
Ronin Hackers Moved Stolen $625-Mln Cryptos To Bitcoin Network Through Sanctioned Mixers
Report on the Ronin Network Exploit and AML Analysis of Stolen Funds | by SlowMist | Aug, 2022 | Medium

Harmony
Rekt – Harmony Bridge – REKT
Explained: The Harmony Horizon Bridge Hack
Hack Track: Analysis of the Analysis of Harmony’s Horizon Bridge Exploit | Hack Track | Merkle Science
$100M Harmony Hack Explained. The Harmony Horizon Bridge project was… | by Andre Costa | Coinmonks | Medium
Breaking: Harmony’s Horizon Bridge hacked for $100M
Harmony’s Horizon Bridge Hack. On Thursday, 23rd June, 2022, the Harmony… | by Matthew Barrett | Harmony | Medium
Harmony Proposes Issuing ONE Tokens to Reimburse Victims of $100M Hack
Reimbursement Proposal [Horizon Incident] – Community / Announcements – Harmony Community Forum
Backlash as Harmony proposes minting 4.97B tokens to reimburse victims

Nomad
samczsun on Twitter
Nomad Bridge Hack: A Simple Explanation of $190 Million Attack
Nomad Bridge Hack: Root Cause Analysis | by Nomad | Nomad | Aug, 2022 | Medium
Explained: The Nomad Hack (August 2022)
Nomad Bridge Hack Explained – Map Protocol Blog
Hackers abuse ‘chaotic’ Nomad exploit to drain almost $200M in crypto | TechCrunch
Hackers Return $9M to Nomad Bridge After $190M Exploit
Nomad Loses $156 Million in Fourth Major Crypto Bridge Exploit of 2022 | Elliptic | Elliptic Connect
Crypto startup Nomad offers 10% bounty after $190 million hack