Blockchain Bridges: the Nomad attack

August 8, 2022 written by 01NODE

Bridges are commonly defined as structures that connect or join two distinct locations or entities. This definition holds true for blockchain bridges as well. You’ve probably heard about the recent attack on a blockchain bridge, Nomad, and wondered what a blockchain bridge is. We’ve decided to explain blockchain bridges and what happened with Nomad.

What are Blockchain Bridges?

Blockchain bridges are also called cross-chain bridges. A blockchain bridge is a protocol that connects two economically and technologically distinct blockchains to allow them to interact. These protocols work like a physical bridge connecting two islands, with the islands being separate blockchain ecosystems.

Blockchain bridges, also known as network bridges, are applications that allow people to move digital assets from one blockchain to another. Both chains may have different protocols, rules, and governance models, but the bridge provides a secure way for both chains to interoperate.

Types of blockchain bridges

Although there are numerous bridge designs, blockchain bridges can generally be divided into two tribes: more centralized bridges that rely on trust or federation, and more decentralized “trustless” bridges.

  • Centralized bridges rely on some type of central authority or system to function, which means that users must trust a mediator in order to use a given app or service. An example is Binance bridge.
  • Trustless bridges are those in which users don’t have to place trust in a single entity or authority. Rather, the trust is placed in the mathematical truth built into the code. In a decentralized blockchain system, this truth is achieved by many computer nodes reaching a common agreement according to the rules written into the software. This removes many of the problems of centralized systems, which are open to corruption or abuse of power, by using transparency and incentivization of widespread participation. Examples include Horizon, Ronin, Nomad, Connext, and Wormhole.

How Blockchain Bridges work

If you have Bitcoin and want to transfer it to Ethereum, simply deposit the $BTC on the bridge and select to withdraw in $ETH.

The bridge will encrypt the $BTC and mint an equivalent amount of $ETH on the Ethereum blockchain. To keep the token supply under control, the bridge would employ a mint-and-burn protocol.

If you do not wish to use a bridge, you can still ‘bridge’ your $BTC via a centralized exchange (CEX). Transfer the $BTC into a CEX, sell it for $ETH, and then transfer it out. This entire process is more time-consuming and tedious than simply using a blockchain bridge.

What makes bridges complex and their potential point of failure

Bridges are especially vulnerable to hacking because their technology is complex and they are frequently operated by anonymous teams. It is frequently unclear how they safeguard funds. They have been repeatedly targeted by sophisticated hackers.

In 2022 alone, over 5 bridges have been exploited, either through software vulnerabilities or social engineering, for over $1 billion. Blockchain bridges have a security problem, and hackers know this.

These vulnerabilities are not unique to bridges; rather, they are a part of the ongoing problem of hacking and phishing in crypto.

In February, hackers stole $325 million by exploiting a security flaw in the Wormhole Bridge’s code. Wormhole bridges blockchains such as Ethereum, Solana, and Polygon, allowing users to deposit tokens on one chain and receive the equivalent on another. A hacker minted 120,000 wrapped ether, or WETH, on the Solana blockchain without depositing the equivalent on the Ethereum side.
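The mint-and-burn accounting described earlier implies an invariant a bridge operator can monitor: wrapped supply on the destination chain should never exceed the collateral locked on the source chain. The following is an added example, not code from the article or from any bridge; the event model and the sample stream are constructed, and only the 120,000 figure comes from the Wormhole incident described above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BridgeEvent:
    chain: str   # "source" (collateral side) or "destination" (wrapped side)
    kind: str    # "lock", "release", "mint" or "burn"
    amount: int  # whole tokens, for readability
    tx: str      # constructed transaction label

# Effect of each event on (locked collateral, wrapped supply).
EFFECTS = {
    ("source", "lock"): (1, 0),
    ("source", "release"): (-1, 0),
    ("destination", "mint"): (0, 1),
    ("destination", "burn"): (0, -1),
}

def find_unbacked_mints(events):
    """Replay events in order and return (tx, deficit) each time wrapped
    supply exceeds locked collateral by more than it ever has before."""
    locked = supply = worst = 0
    alerts = []
    for ev in events:
        d_locked, d_supply = EFFECTS[(ev.chain, ev.kind)]
        locked += d_locked * ev.amount
        supply += d_supply * ev.amount
        deficit = supply - locked
        if deficit > worst:  # new high-water mark of unbacked supply
            alerts.append((ev.tx, deficit))
            worst = deficit
    return alerts

# Constructed event stream for illustration.
SAMPLE = [
    BridgeEvent("source", "lock", 10, "tx1"),
    BridgeEvent("destination", "mint", 10, "tx2"),
    BridgeEvent("destination", "burn", 4, "tx3"),
    BridgeEvent("source", "release", 4, "tx4"),
    BridgeEvent("destination", "mint", 120_000, "tx5"),  # no matching lock
    BridgeEvent("source", "lock", 5, "tx6"),
    BridgeEvent("destination", "mint", 5, "tx7"),        # backed by tx6
]

if __name__ == "__main__":
    print(find_unbacked_mints(SAMPLE))
```

Using a high-water mark means the legitimate lock and mint after the incident (tx6, tx7) do not raise a second alert, while a release without a matching burn would.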

A hacker gained control of five of the nine validator nodes that handle transactions in Axie Infinity’s Ronin bridge. Axie developer Sky Mavis controlled four of the five nodes, a flaw in its design. Hackers gained control of those four nodes through social engineering: an Axie engineer applied for a fake job on LinkedIn and opened a fake job-offer document containing spyware. A fifth node was compromised via a third-party validator managed by the Axie DAO.

The code appeared to work as intended, but the network’s design, with multiple nodes controlled by one party, made it easier for hackers to take over.
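The design point above can be checked mechanically: what matters is not how many validator keys a threshold requires but how many distinct operators hold them. The following is an added example, not code from the article or from Ronin; the validator counts come from the paragraph above, the threshold of five is taken from the five nodes it says were taken over, and the remaining operator names are constructed.

```python
from collections import Counter

def operators_needed(validator_operators, threshold):
    """Return the smallest set of operators whose validators together reach
    `threshold` signatures. Taking the largest operators first is optimal
    because each operator simply contributes its validator count."""
    counts = Counter(validator_operators.values())
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    chosen, signatures = [], 0
    for operator, n in ranked:
        if signatures >= threshold:
            break
        chosen.append(operator)
        signatures += n
    if signatures < threshold:
        raise ValueError("threshold exceeds the number of validators")
    return chosen

def audit_validator_set(validator_operators, threshold, min_operators):
    """Flag a set where fewer than `min_operators` operator compromises
    are enough to approve a withdrawal."""
    chosen = operators_needed(validator_operators, threshold)
    return {"operators_needed": chosen, "ok": len(chosen) >= min_operators}

# Nine validators, four run by Sky Mavis and one by the Axie DAO (from the
# article). The other four operator names are constructed placeholders.
RONIN_LIKE = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO",
    "v6": "operator-f", "v7": "operator-g",
    "v8": "operator-h", "v9": "operator-i",
}

# Constructed comparison: same threshold, one validator per operator.
INDEPENDENT = {f"v{i}": f"operator-{i}" for i in range(1, 10)}

if __name__ == "__main__":
    print(audit_validator_set(RONIN_LIKE, threshold=5, min_operators=5))
    print(audit_validator_set(INDEPENDENT, threshold=5, min_operators=5))
```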

For crypto bridges, there are trade-offs between speed, cost, and security. Some bridges are very fast and inexpensive, but they are not as secure, whereas others are much more secure, but they may be slow to execute a transaction.

Crossing chains is still a hassle for users. Even if consumers can get past the trust issues, given previous hacks, they will need wallets on both chains as well as some technical sophistication to use a bridge.

Even if security is mostly solved, this could be the ultimate challenge for bridges. Widespread crypto adoption will be hampered until bridging across different chains becomes easier.

Notable blockchain bridges

Multichain

Previously known as Anyswap, Multichain has a wide array of tokens from some of the lesser-known chains. It is by far one of the better-known bridges that connects to a number of blockchains.

Multichain lets users bridge via pegged tokens or liquidity pools. Multichain’s Router will determine the best method for the coin you want to bridge.

For coins with native tokens on multiple chains, Multichain will swap cryptocurrencies across chains using liquidity pools. If there is no native coin, Multichain will lock up the token in a smart contract and mint a pegged token on the target chain.

Multichain supports more than 42 chains, including BNB Smart Chain, Fantom, and Harmony. Users can transfer their assets seamlessly across blockchains through its Cross-Chain Bridges and Cross-Chain Routers.

Connext Network

Connext bridges tokens and data across 11+ chains. Connext is a crosschain liquidity network that speeds up fully-noncustodial transfers between EVM-compatible crosschains (xapps) and L2 systems. Connext enables fast transfer of value between blockchains and interchain DeFi protocols. Their goal is to create a world where users never need to know what chain or rollup they’re on, and developers can build applications that utilize resources from many chains/rollups simultaneously.

Axelar Network

Axelar is a cross-chain communication tool developing interoperability software to connect blockchain ecosystems, applications, and users. Axelar Network consists of a protocol suite, tools, and APIs, designed to break down the barriers to cross-chain communication. Axelar enables developers to build on the best platform for their needs while leveraging the Axelar stack to unlock cross-chain composability and liquidity.

Inter-Blockchain Communication Protocol (IBC)

The Inter Blockchain Communication Protocol (IBC), which was launched in March 2021 as part of the Cosmos Stargate upgrade, brings a robust interchain infrastructure to the Cosmos ecosystem, bridging different blockchains and facilitating exchanges between a network of interconnected chains.

The Inter-Blockchain Communication Protocol (IBC) is an inter-module communication protocol that connects different blockchains to facilitate communication and feature exchanges between networks with different infrastructure designs and consensus algorithms.

Nomad Bridge

On Monday, August 1st, 2022, Nomad bridge was exploited for over $200 million. A smart contract bug let a large number of attackers drain the project’s funds.

The Nomad project’s official Twitter account acknowledged the hack on Monday, August 1st, initially as an “incident” that was being investigated. In a subsequent statement issued early Tuesday morning, Nomad stated that the team was “working around the clock to address the situation” and that law enforcement had also been notified.

The exploit was made possible by a misconfiguration of the project’s main smart contract, which allowed anyone with a basic understanding of the code to authorize withdrawals to themselves.

“This is why the hack was so chaotic – you didn’t need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person’s address with yours, and then re-broadcast it” Samczsun explained.

The Nomad team has so far been able to recover a total of $16.6m.
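The pattern in the quote above, many senders rebroadcasting one working transaction with only the address swapped, is something a monitoring job can catch by masking each sender's own address out of the calldata and grouping what remains. The following is an added example, not part of the original article or Nomad's code; the transaction dictionaries, the placeholder selector and all addresses are constructed, and it assumes the address appears in the calldata as plain hex.

```python
from collections import defaultdict

MASK = "<sender>"

def calldata_template(tx):
    """Return calldata with the sender's own address masked, or None when
    the sender's address does not appear in the calldata at all."""
    sender = tx["from"].lower()[2:]  # strip the "0x" prefix
    data = tx["input"].lower()
    return data.replace(sender, MASK) if sender in data else None

def find_copy_paste_clusters(txs, min_senders=3):
    """Group transactions by (contract, masked calldata) and return the
    groups sent by at least `min_senders` distinct addresses."""
    groups = defaultdict(set)
    for tx in txs:
        template = calldata_template(tx)
        if template is not None:
            groups[(tx["to"].lower(), template)].add(tx["from"].lower())
    return sorted(
        (contract, sorted(senders))
        for (contract, _), senders in groups.items()
        if len(senders) >= min_senders
    )

# --- Constructed sample data (not real addresses or real calldata) ---
def _addr(byte):
    return "0x" + byte * 20

BRIDGE = _addr("b1")

def _withdrawal(sender):
    # placeholder selector + zero-padded recipient (the sender) + amount
    body = "00" * 12 + sender[2:] + "%064x" % 100
    return {"from": sender, "to": BRIDGE, "input": "0x00000000" + body}

SAMPLE = [
    _withdrawal(_addr("a1")),
    _withdrawal(_addr("a2")),
    _withdrawal(_addr("a3")),
    # unrelated call that does not embed the sender's address
    {"from": _addr("c1"), "to": BRIDGE, "input": "0x11111111" + "%064x" % 7},
]

if __name__ == "__main__":
    print(find_copy_paste_clusters(SAMPLE))
```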

About 01node

01node is a high-quality staking and validation service headquartered in Romania. We have the expertise and time-tested infrastructure as a highly secure and reliable node. Our track record shows this reliability. We place great focus on security and we ensure the best practices for every service we offer. We aim to provide the best performance and reliability through our physical infrastructure collocated in tier-3 datacenters.

We are a team of highly skilled and dedicated professionals with decades of experience in the fields of software development, IT infrastructure, cryptography, and financial services. Our existing validator nodes have secured value on several POS networks since their inception, such as Terra, Iris, Solana, Cosmos, Near, E-money, IOV, Solana, Skale, Secret Network, Oasis, and others that will soon launch, like Celestia or Nomic chain, and Near Protocol.

Our community has an active voice in how we participate in the decentralized ecosystem, and our combined strength will propel the project towards a successful future. We vote on most of the governance proposals and consult with our delegators before doing so. It’s important to note that we always vote on what is best for the network.

We breathe, we give! #WePlant