Hacks multiply in the cryptosphere: Nomad and Solana, the latest victims

After the bear market, another sword of Damocles appears to hang over the future of the cryptosphere: hacking. Although it represents a very small part of the total volume of transactions in the sector, the resurgence of this scourge in recent months has become worrying.

Ronin, Wormhole, Beanstalk, Harmony Bridge: victims of hacks in the cryptocurrency universe are numerous this year. While the funds stolen by hackers in 2021 represented almost 3 billion, this year, in just 7 months, the hacks already amount to 2.89 billion dollars, according to a Chainalysis report.

This week, on Monday, a bug in Nomad’s bridge smart contract caused nearly $190 million to leak onto the network. Two days later, hackers seized $8 million from Phantom and Slope, two protocols native to Solana’s network.

Cross-chain bridges: a sector particularly targeted by hacks

According to the research firm’s report, cross-chain bridges are the ones that suffered the largest number of hacks in 2022. They represent 69% of the total stolen funds in the cryptosphere, i.e. almost $2 billion in losses for the sector.

According to Chainalysis, the vulnerability of cross-chain bridges is linked to their “central storage point”.

“Bridges are an attractive target because they often have a central fund repository that secures ‘bridged’ assets on the receiving blockchain. Regardless of how these funds are stored – locked up in a smart contract or in a centralized custodian bank – this point of storage becomes a target.”

the report states.

In his long argument criticizing bridging between chains, Vitalik Buterin, for his part, points to a security problem when transferring assets from one blockchain to another. He illustrated his point with this example:

“Now imagine what happens if you move 100 ETH across a bridge on Solana to get 100 Solana-WETH and then Ethereum gets 51% attacked. The attacker deposited a lot of his own ETH in Solana-WETH and then flipped this transaction on the Ethereum side as soon as the Solana side confirmed it. The Solana-WETH contract is now no longer fully secured and maybe your 100 Solana-WETH is only worth 60 ETH. Although there is a perfect ZK-SNARK based deck, which fully validates the consensus, it is still vulnerable to being stolen by 51% attacks like this.”

What solutions should be considered?

The co-founder of Ethereum has a pretty strong opinion about inter-chain bridges. According to Vitalik, they should not be part of the future of cryptocurrencies. Chainalysis was less categorical, inviting the companies behind these protocols, as well as others in the cryptosphere, to adopt two sets of measures to avoid hacks.

First, the research firm encourages companies to invest in training and safety measures. It said in the report:

“For example, with the North Korean hackers in particular, sophisticated social engineering tactics that exploit the trust and recklessness of human nature to gain access to corporate networks have long been a vector of privileged attack. The teams must be trained in these risks and these warning signs.”

Second, Chainalysis advises companies to respond quickly after a hack:

“If a service is under attack, time is precious. Tracking and tagging funds immediately in the Chainalysis platform can make the difference in preventing bad actors from cashing out their ill-gotten gains.”
