
Why crypto bridges are getting hacked


Good morning, and welcome to Protocol Fintech. This Monday: why crypto bridges are vulnerable, Polygon’s plan of attack and Putin’s new ban on digital asset payments.

Off the chain

A crucial player behind the scenes of this newsletter since shortly after we went daily has been Lindsey Choo, who’s leaving us to attend Columbia Journalism School. From the jump, Lindsey’s been an essential contributor, particularly helping to boost our coverage of international fintech regulation. In this edition, she shares some of the favorite quotes she picked for Overheard. I have a feeling this won’t be the last time we see Lindsey shaping the conversation.

— Owen Thomas

A bridge too far?

One of the challenges for the crypto industry is how many blockchains there are and how complex it is to move across them. This has led to the growth of bridges for people to send tokens across chains. But these bridging tools have come under attack by hackers, leading to major losses. Some of the largest DeFi hacks to date have involved bridges.

The future is multichain. That means bridges are only going to get more important.

  • Bitcoin is singular: It has one token which is held on one blockchain. But many of the blockchains that followed are designed to support multiple tokens, and many cryptocurrencies aim to ride on more than one blockchain. USDC trades on eight blockchains, while chains like Solana and Ethereum are designed with support for multiple currencies in mind.
  • Many in the industry believe it’s inevitable that there will be multiple blockchains that develop, each emphasizing different strengths such as gaming, trading, NFTs, mobile or payments.
  • But there’s a lot at stake. If crypto goes missing on one side of a bridge because of a hack, that could destabilize the system. When the Wormhole bridge was hacked, its parent company, Jump Trading, replaced the stolen ether to keep things operating.

Attacks on bridges look like other crypto hacks. Hackers exploit flaws in code or, more chillingly, the fundamental design of a network.

  • In the Wormhole incident, hackers exploited a security problem in smart contract code to make off with $325 million.
  • The recent $100 million hack of Harmony’s Horizon Bridge was apparently the result of social engineering to obtain the required electronic signatures to authorize a transaction.
  • In the case of Axie Infinity, social engineering played a role, but hackers also exploited a weakness in its system of validator nodes. Four of the five needed to approve a transaction were controlled by Axie creator Sky Mavis, which gave hackers an opening to take things over.

Even if consumers can get past the trust issues created by the hacks, there are other obstacles. Crossing chains is still a user-interface nightmare, with multiple wallets needed and some technical sophistication.

  • That may be the ultimate challenge for bridges, even if security ends up mostly solved. Until bridging chains becomes easier, widespread crypto adoption will be hindered.
  • Some Web3 companies are working on ways to make bridging easier. Transak is aiming to make it seamless for users who hold, say, ether to play a game on the Solana blockchain.

Bridge design involves trade-offs among speed, cost and security. More secure bridges may be slow to execute a transaction. In the long run, though, this will mostly be a headache for developers. The ultimate crypto bridge could be one that consumers don’t even know they crossed.

— Tomio Geron

A version of this story first appeared on Protocol.com.


On the money

On Protocol: Congressional Democrats want the EPA to do something about the crypto mining industry’s “disturbing” carbon footprint. They’re calling for the EPA and DOE to use the Clean Air Act to prompt disclosures from mining operations about their energy use and carbon emissions as a first step.

Ethereum’s official switch to proof-of-stake is projected to happen in September. The Merge, Ethereum’s long-awaited transition from a proof-of-work consensus mechanism to the more energy-efficient proof-of-stake mechanism, is now scheduled for September, with one more testnet to go.

Also on Protocol: Polygon enterprise lead Antoni Martin thinks that crypto winter is the time to “differentiate between speculation and build.” He spoke to Protocol about what Polygon could be used for, how the crypto crash has eroded consumer trust and how he’s helping shape EU crypto regulation.

Russia is banning crypto payments. Russian president Vladimir Putin approved a law Friday prohibiting the use of digital assets as a form of payment in Russia. The law will also require crypto exchanges and providers to refuse transactions in which digital assets could be seen as a form of payment.

A Fed survey shows that 56% of senior banking officials think that crypto isn’t a priority. Over 56% of senior financial officers from 80 banks think that blockchain technology and crypto are a “low priority” for growth and development at their companies, according to the latest Senior Financial Officer Survey Results by the Federal Reserve.

Overheard, the Lindsey Choo edition

Today we have a special edition of special editions — a roundup of my past favorites that will have you remembering when …

Ethereum co-founder Vitalik Buterin was on the cover of Time magazine, and everyone had something to say about it. People took to Twitter to roast the cover and ask “why […] the richest people have the least drip.” The cover is available to purchase and trade as an NFT now.

FTX CEO Sam Bankman-Fried fielded questions at a CFTC roundtable discussion on the company’s derivative trading proposal. Sean Downey, clearing chief compliance officer and head of policy at CME Group, accidentally (or intentionally?) paraphrased Taylor Swift when referring to the crypto crash. “We’ve seen that movie before, and in fact, we saw it very recently,” he said of the proposal.

Elon Musk tried to convince us that he doesn’t understand how influential his “personal support” of dogecoin is, claiming that he “never said people should invest in crypto.” But as longtime crypto skeptic Bill Gates said, “If you have less money than Elon, you should probably watch out.”

— Lindsey Choo

Coming up

A U.S. House hearing on SEC enforcement is set for Tuesday. The U.S. House Committee on Financial Services will hold a hearing titled “Oversight of the SEC’s Division of Enforcement,” which will include the newly renamed Crypto Assets and Cyber Unit.

Truist Financial and Citizens Financial have earnings calls on Tuesday. TFC’s average estimated EPS is at $1.17, a 5% decrease from the prior quarter. CFG’s average estimated EPS is at $1.02, also a 5% decrease from the prior quarter.

FinTech Festival India 2022 starts Wednesday. The three-day conference will be held in New Delhi, featuring speakers from the Blockchain Founders Fund, CoinDCX, Ripple, Revolut and others.

Capital One and Blackstone’s earnings calls are on Thursday. COF’s average estimated EPS is at $5.10, a 9% decrease from the prior quarter. BX’s average estimated EPS is at $1.47, a 5% decrease from the prior quarter.


Thanks for reading — see you tomorrow!
