In-depth analysis: Why did the cross-chain bridge double-cross again?
On the morning of August 2nd, Beijing time, the cross-chain solution Nomad was hacked. According to preliminary analysis, Nomad lost about 190 million US dollars. The root cause of this theft was an error introduced when the Nomad team upgraded its smart contract.
Not only that, because of the time lock added to the contract upgrade, Nomad could not respond in time while the hacker was transferring assets, and many users also took advantage of the chaos, taking away much of the remaining assets.
Cross-chain bridge attacks are nothing new to practitioners. Since the second half of 2021, there have been more than 10 cases. Because cross-chain bridges carry a large number of assets, most of these incidents have caused heavy losses. Not long ago, on June 24th, the asset cross-chain bridge Horizon developed by Harmony was attacked, and the loss was also as high as 100 million US dollars. Last year, the Poly Network was attacked and lost 610 million US dollars at one time, making it the largest hacking event in the history of the DeFi field (the hacker has returned most of the assets).

Why are cross-chain related protocols so vulnerable to attacks? How should the cross-chain bridge balance efficiency and security? As the security situation becomes increasingly severe, what should different roles such as project parties and users pay attention to? If an extreme accident does occur, what are the effective means of compensation?
Q1
Odaily: Why are cross-chain related protocols frequently hacked? Is it because the current technical solutions are not yet mature? Or are the hidden dangers of such contracts difficult to detect?
PeckShield: The cross-chain protocol is an emerging field, which breaks the barriers of information islands between chains, but it still needs to stand the test of time. The ChainSwap protocol was attacked because of loopholes in the contract itself, AnySwap was attacked because of problems with cross-chain private key management, and Poly Network was attacked because of contract loopholes. This is a warning to all cross-chain protocols that it is necessary to pay more attention to the inspection of contracts and the security of private key management and authorization.
BlockSec (the interviewee is Zhou Yajin, the co-founder of BlockSec and a professor at the School of Cyberspace Security of Zhejiang University): I think there are multiple reasons. The first is that it is profitable. Since there are often a large number of digital assets in the cross-chain bridge, it has become a favorite in the eyes of attackers. The second is that the entire process of the cross-chain bridge is relatively complicated, involving the interaction between multiple chains and multiple contracts, and the monitoring of these security risks requires an overall security assessment and analysis of the cross-chain bridge. The audit and analysis of a certain module cannot fully cover the security risks of the entire link, and some new security ideas and solutions are needed.
Q2
Odaily: In the case of Poly Network, one of the main points of community questioning was whether there was only one Keeper in the contract. Although it has been proved that this statement is not accurate, the balance between efficiency and centralization is still worthy of our consideration. In cross-chain related services, does it mean that the higher the effectiveness of cross-chain execution, the more centralized it will be? Are centralization and insecurity equated?
PeckShield: The cross-chain protocol is built based on the underlying technology of blockchain, which means that it will not only have the characteristics of blockchain technology, but also carry the "impossible triangle" of the technology itself, that is, it cannot take into account the three characteristics of "decentralization", "security", and "transaction processing performance" at the same time.
BlockSec: Originally, asset transfers between isolated chains were basically realized through centralized exchanges. The cross-chain bridge itself is meant to improve the decentralization and execution efficiency of cross-chain assets through the application of side chains. It is a kind of progress in terms of technology. It is also a technical effort made by the industry to abandon absolute centralization.
There is no causal logical relationship between the efficiency of cross-chain execution and centralization, and there is no direct relationship between the centralization and insecurity of cross-chain bridges. The safety of centralization mainly depends on the security of centralized entities. From a bad point of view, there is a single-point security threat, but from a good point of view, as long as the security of the central entity is high, the security can be guaranteed.
Generally speaking, it still depends on whether the security defense measures of the project party are in place. Especially when a security company participates in the audit, it is necessary to judge whether the audit exists, whether the service provider has super-high authority (the authority to transfer funds without audit), and whether a Rug Pull is possible, because such operation permission settings are likely to cause illegal transfer of a large amount of funds when the supplier's private key is stolen or lost.
Q3
Odaily: Under the background of successive accidents in the project, what should the project party do? What measures can be taken to avoid risks?
PeckShield: The increasingly diversified and enriched cross-chain bridge ecology will lead to a substantial increase in the amount of transactions and funds carried out on it. For example, before Poly Network was attacked, the scale of cross-chain asset transfers exceeded 10 billion US dollars, and the number of addresses using the cross-chain service exceeded 220,000, which also attracted hackers' attention to cross-chain protocols. The cross-chain bridge itself is an important link for hackers to escape funds, so it will also become the target of hackers.
For the project party, it is necessary to seek professional institutions to effectively identify known loopholes and build the first line of defense for the security of the protocol.
Secondly, we must also pay attention to troubleshooting business logic loopholes when combining with other DeFi products to avoid cross-contract logic compatibility loopholes.
Then, it is necessary to design a certain risk control fusing mechanism, and introduce threat perception intelligence and data situation intelligence services from third-party security companies. When a DeFi security incident occurs, it can respond to security risks as soon as possible and check and block security attacks in a timely manner to avoid further damage.
Finally, all parties in the industry should be linked to build a comprehensive asset tracking mechanism to monitor the circulation of related virtual currencies in real time. Operation and maintenance security.
BlockSec:
Introducing security into design is what we usually call security by design, not just security auditing. Third-party security companies should be introduced in the design phase to assess security risks together.
From a long-term perspective, the open source of project technical code is also a necessity to resolve unknown risks.
Maintain continuous monitoring of the situation on the chain, and be able to sense abnormal events on the chain in a timely manner, so as to block them in time before the loss expands.
Q4
Odaily: The demand for cross-chain has always existed, and it is bound to become more and more vigorous. For users, what should they do? How to choose a safe and suitable cross-chain bridge?
PeckShield: It needs to be explained that when such security incidents occur, those who suffer the biggest losses are often the LPs that provide cross-chain capital liquidity. Our suggestion is to do a good job of checking the project background, and do not easily invest assets in unaudited projects, including projects that are under audit but have not yet been completed. Furthermore, for cross-contract agreements, do not over-authorize, including project stakeholders, and do not over-authorize cross-chain agreements.
Q5
Odaily: When an extreme security incident occurs, what are the effective means of compensation?
PeckShield: When an extreme security incident occurs, firstly, the project party and relevant parties will jointly initiate a first-level response to trace the root cause of the incident, and at the same time track the circulation of stolen assets, check and block security attacks in a timely manner, and avoid more losses; monitor the circulation of virtual currency in real time, and work with centralized organizations to intercept and block the stolen assets and recover some of the stolen assets as far as possible; after the event, a complete compensation plan should be prepared to make up for the losses of users; or, a relatively reliable insurance plan should be set up.
BlockSec:
Collaborate with upstream and downstream industry resources to track the flow of stolen assets in a timely manner and recover losses, especially in terms of exchanges or stablecoins (money laundering) that occupy the majority of liquidity, which can more effectively block the risk of stolen money.
Summary
The answers from PeckShield and BlockSec roughly revealed the current security challenges faced by cross-chain related protocols.
On the whole, there are roughly three reasons why cross-chain related protocols are prone to repeated attacks. First, with the rapid development of the track, the amount of funds it carries is also rapidly expanding; second, the track is still at an emerging stage, and various details still need to be optimized; third, cross-chain related protocols often involve the interaction between multiple chains and multiple contracts, so the process is relatively complicated and there are many risk points.
For ordinary users (mainly referring to liquidity providers who earn income through cross-chain bridges), the situation they are facing now is somewhat similar to that at the beginning of DeFi last year, and they need to be more cautious in weighing benefits and risks. Priority should be given to protocols with a more complete audit status and a longer record of smooth business operations.
For the front-line project parties, on the one hand, it is necessary to absorb the experience of past events and to find and fill gaps in a targeted manner; on the other hand, they should follow up on upgrades and changes to the underlying public chain in a timely manner, integrate derivative security solutions such as Lossless, seek cooperation with insurance protocols such as Nexus Mutual, and explore approaches such as cBridge's non-contractual liquidity locking method, and so on.
Finally, we would like to appeal to all relevant practitioners not to lose confidence. The initial stage of an emerging track is always accompanied by pains. As the multi-chain structure becomes more stable, cross-chain is bound to become more prosperous, and being "favored" by hackers has already proved the value of this track. We hope you will not stop your progress because of this stumbling block.


