简体中文
繁體中文
English
Pусский
日本語
ภาษาไทย
Tiếng Việt
Bahasa Indonesia
Español
हिन्दी
Filippiiniläinen
Français
Deutsch
Português
Türkçe
한국어
العربية
Abstract:Another day, another hack – and another blockchain bridge burned.
When thieves stole an estimated $190 million from U.S. crypto firm Nomad last week, it was the seventh hack of 2022 to target an increasingly important cog in the crypto machine: Blockchain “bridges” – strings of code that help move crypto coins between different applications.
So far this year, hackers have stolen crypto worth some $1.2 billion from bridges, data from London-based blockchain analysis firm Elliptic shows, already more than double last years total.
“This is a war where the cybersecurity firm or the project cant be a winner,” said Ronghui Hu, a professor of computer science at Columbia University in New York and co-founder of cybersecurity firm CertiK.
“We have to protect so many projects. For them (hackers) when they look at one project and theres no bugs, they can simply move on to the next one, until they find a one weak point.”
At present, most digital tokens run on their own unique blockchain, essentially a public digital ledger that records crypto transactions. That risks projects using these coins becoming siloed, reducing their prospects for wide use.
Blockchain bridges aim to tear down these walls. Backers say they will play a fundamental role in “Web3” – the much-hyped vision of a digital future where cryptos enmeshed in online life and commerce.
Yet bridges can be the weakest link.
The Nomad hack was the eighth-biggest crypto theft on record. Other thefts from bridges this year include a $615 million heist at Ronin, used in a popular online game, and a $320 million theft at Wormhole, used in so-called decentralised finance applications.
“Blockchain bridges are the most fertile ground for new vulnerabilities,” said Steve Bassi, co-founder and CEO of malware detector PolySwarm.
Nomad and others companies that make blockchain bridge software have attracted backing.
Just five days before it was hacked, San Francisco-based Nomad said it had raised $22.4 million from investors including major exchange Coinbase Global. Nomad CEO and co-founder Pranay Mohan called its security model the “gold standard.”
Nomad did not respond to requests for comment.
It has said it is working with law enforcement agencies and a blockchain analysis firm to track the stolen funds. Late last week, it announced a bounty of up to 10% for the return of funds hacked from the bridge. It said on Saturday it had recovered over $32 million of the hacked funds so far.
“The most important thing in crypto is community, and our number one goal is restoring bridged user funds,” Mohan said. “We will treat any party who returns 90% or more of exploited funds as a white hats. We will not prosecute white hats,” he said, referring to so-called ethical hackers.
Several cyber security and blockchain experts told Reuters that the complexity of bridges meant they could represent an Achilles heel for projects and applications that used them.
“A reason why hackers have targeted these cross-chain bridges of late is because of the immense technical sophistication involved in creating these kinds of services,” said Ganesh Swami, CEO of blockchain data firm Covalent in Vancouver, which had some crypto stored on Nomads bridge when it was hacked.
For instance, some bridges create versions of crypto coins that make them compatible with different blockchains, holding the original coins in reserve. Others rely on smart contracts, complex covenants that execute deals automatically.
The code involved in all of these can contain bugs or other flaws, potentially leaving the door ajar for hackers.
Disclaimer:
The views in this article only represent the author's personal views, and do not constitute investment advice on this platform. This platform does not guarantee the accuracy, completeness and timeliness of the information in the article, and will not be liable for any loss caused by the use of or reliance on the information in the article.
The Financial Markets Authority (FMA), New Zealand's financial regulator, warns individuals against investment scams that use YouTube channels to promote fraudulent cryptocurrency investment firms/websites. The authority explained on its official website how the YouTube cryptocurrency scam works, providing a step-by-step guide to help people recognize and avoid it. Read HOW THE SCAM WORKS and BE SAFE.
Every trader dreams of quick success, but rushing the process often leads to mistakes. It’s easy to get swept up in the excitement of winning trades or discouraged by unexpected losses. The truth is, mastering the emotional side of trading can be even more important than understanding market analysis or strategies.
In trading, distinguishing between a market correction and a market reversal is crucial for making sound decisions. Misjudging one for the other can lead to missed opportunities or significant losses. While both involve price movements, their causes, duration, and implications differ substantially. Understanding these differences can help traders improve their strategies and adapt to market conditions effectively.
With a steadfast commitment to fostering sustainable financial literacy and providing clear, strategic guidance to the next generation, WikiFX has collaborated with Van Lang University and Hoa Sen University to host an exclusive series of financial education workshops. This marks a pioneering initiative by WikiFX in Vietnam, designed not only to deliver foundational knowledge but also to instill a sense of responsibility and cultivate prudent financial decision-making among aspiring young traders.