Blockchain bridges: how the smart contract piñata works, and why bridges keep getting hacked

The Ronin Network’s bridge to Ethereum was hacked on 23 March, and $625 million worth of ether and USDC was stolen from the blockchain game Axie Infinity!

Why was there a huge pile of cryptos just sitting there?

A cryptocurrency blockchain has a native currency, and may also run various other tokens. In decentralised finance (DeFi), a bridge lets you use a cryptocurrency from a different blockchain.

The bridge holds the original crypto (e.g., Ethereum’s native currency, ether), and issues a token on the second chain that represents the original crypto (e.g., “wrapped” ether on Binance Smart Chain) — the token is like a banknote representing the reserve held on the original chain.

DeFi is correctly viewed as a piñata — you whack it in the right spot, and a pile of crypto falls out. This is because smart contract programming is brittle and demanding, but all the incentives are time-to-market — so you should expect sloppy work at every stage.

Bridges are the fattest piñatas in DeFi. When you see news of a crypto hack that says hundreds of millions of “dollars” were stolen, it was usually someone stealing the cryptos from a bridge.

 

 

Why do you need a bridge?

DeFi started on the Ethereum blockchain. You run a massive shell game of complex transactions-within-transactions between ether and various other tokens running on Ethereum, in the hope of making money from people who think they’re hotter market players than they are.

But Ethereum has been clogged to unusability since 2017. ethereum.org admits that “for Ethereum to scale and keep up with demand, it has required rollups” — assorted schemes to do the work elsewhere and just send the result back to Ethereum. That is, the blockchain is only usable if you work around actually using it. [ethereum.org]

So you set up your DeFi protocol on some less-clogged blockchain — maybe even a centralised chain, like Binance Smart Chain — and you use “wrapped tokens” representing ether, or bitcoins, or tethers, or USDC. Then you convert back to the real tokens when you want to cash out.

DeFi protocols usually end by being hacked, or from a “rugpull” — DeFi is so innovative that it came up with its own new term for someone just stealing all the money. These are distinct from bridge hacks.

How blockchain bridges work

“Smart contract” is a fancy term for small computer programs that run directly on a blockchain.

Bridges work by having a smart contract on both the blockchains. The bridge uses a relay to transmit messages back and forth between the smart contracts on each of the two blockchains.

The Ethereum Virtual Machine can’t send messages out to the Internet. So the relay for a bridge is a centralised entity — a convenient bridging API, or an “oracle” server doing this one job.

The APIs are provided by centralised entities. These often call themselves “decentralised” because they promise they aren’t interfering with the messages.

Various more complex schemes exist that attempt to make the wafer-thin completely centralised bit just a bit smaller. It’s still completely centralised, but it’s smaller, see.

But nobody really cares about actual operational decentralisation — as long as there’s money to be made.

The trouble with smart contracts

Smart contract programs are extremely hard to alter. The concept is that you can have faith that the program is immune to interference from mere humans — that you’ve automated the human element out.

The problem there is that another term for “immutable program” is “sitting duck for attackers.” This makes smart contracts naturally turn into piñatas:

  1. Smart contracts are hard to alter, by design. So they require the most painstaking code review and analysis — so that you don’t lose money to an exploit.
  2. You make more money by being quick to market.

You could get cautious computer scientists to code your smart contracts in functional or non-Turing-complete languages — or you could get mediocre ex-JavaScript coders to bash out some Solidity code that’ll do for the moment. Crypto overwhelmingly chooses the second option.

You can get your smart contracts audited! This has created a market for crappy rubber-stamp Solidity “auditors,” who let you say you were audited. Or you can get a decent auditor — then just ignore the recommendations in their report, because that’s too much like work when you’ve already ticked the box marked “get an audit.”

A selection of past piñatas

Cryptos kept in a bridge run by a centralised entity with experience in cryptocurrency custody are comparatively safe. For example, the original Wrapped BTC token is issued by BitGo, who hold the BTC reserve and exchange it both ways with the WBTC token on the Ethereum blockchain. [BitGo]

But the crypto world dislikes touchable centralised entities — or ones that are too obvious about it, at least. So bridges tend to just lock the ether into the bridge smart contract on the Ethereum side.

This creates a massive pile of ether, and whatever other tokens the bridge handles — just waiting for someone to get a stick and whack the piñata just right.

(Hack values stated in hundreds of millions of dollars can be misleading — these numbers are often the mark-to-market value of highly illiquid tokens when there’s nothing like that amount of buyers for them, so you could never realise the claimed dollar value even selling them legally. Wrapped cryptos are often blockable by the bridge’s administrators. Actual bitcoins or ether are relatively liquid, but a thief is unlikely to be able to realise hundreds of millions of dollars from selling stolen coins. So take some of the big numbers with a grain of salt.)

• Axie Infinity’s Ronin Network was hacked on 23 March because four of their permissioned blockchain’s nine validators were controlled by Sky Mavis, the company behind Axie and Ronin — and an outside fifth validator was also controlled by Axie temporarily, but Sky Mavis forgot to hand back control. So the attacker got into Ronin and just told the bridge to give them all the cryptos.

This has left the already poor play-to-earn gamers in Axie Infinity utterly screwed — they’re paid in the wrapped tokens, which can’t be redeemed because there’s nothing left to redeem them with. The company says it will make up the stolen coins — though it’s not clear how.

Sky Mavis claims not to have noticed the hack until 29 March — but the price of the Axie token suddenly went up, with an unusual peak in volume, shortly after the hack on 23 March. Some suspect the price of Axie was deliberately being pumped to offset the losses once news of the hack became public. [Twitter].

• Wormhole Portal, on the Solana blockchain, was hacked for 93,750 ether in February 2022. The attacker created a fake signature validator, and used it to create fake credentials. They used these credentials to create 120,000 “Wormhole ETH” tokens out of thin air on the Solana side, then told Wormhole to transfer 93,750 of those out as actual ether. Wormhole’s parent company Jump covered the cost with a bailout. [Ars Technica; Elliptic; Twitter]

Just weeks after the hack, Wormhole drew up plans to do a private token sale to institutional investors, hoping to raise $200 million. [The Block]

• Meter.io is a bridge infrastructure provider — bridges are their job. On 5 February 2022, they were hacked for $4.4 million in bitcoins and ether, via a bug in the Meter Passport smart contract code. [Twitter; BeinCrypto]

• Qubit Finance is a DeFi protocol on the Binance Smart Chain. Qubit’s QBridge, between Ethereum and Binance Smart Chain, was hacked on 27 January 2022 for “$80 million” in notional value of various illiquid minor altcoins and wrapped ether. This attack simply exploited a bug in the QBridge smart contract’s “deposit” function. [Certik]

• The Poly Network is a bridge that interfaces between multiple blockchains. In August 2021, Poly was hacked for “$611 million” in various tokens, mostly illiquid minor altcoins and wrapped cryptos. The attacker was quickly tracked down; they claimed they did the hack just to show it could be done, and gave back most of the coins.

Transactions to move coins from the source blockchain are submitted to Poly’s EthCrossChainManager smart contract on the destination blockchain. EthCrossChainManager has permission to change the “keepers” — trusted entities that can perform transactions — listed in the EthCrossChainData contract. EthCrossChainManager then accepts any transaction signed by a keeper — whether it’s a valid transaction or not. The attacker swapped one of the original keepers for a malicious keeper controlled by the attacker. At that point, the attacker could take anything they liked. [Mudit Gupta; The Block]

Real-world stocks are wrapped tokens — with regulation

Wrapped tokens are not a wrong thing to want. Finance is full of paper representations of assets, and paper representations of paper representations. In fact, real-world equity stocks in the US work a bit like wrapped cryptos.

Cede, as part of DTCC, is the actual owner of pretty much all publicly issued stock in the US. This arrangement was put into place so that stockbrokers didn’t have to send around paper certificates all the time just to trade. The stocks stay at Cede, and brokers exchange rights to those stocks held at Cede.

When you buy shares in a stock, you hold an entitlement, to part of an entitlement held by your broker, to stock held by Cede. Cede owns the actual stock, but you have beneficial ownership of your shares — you are the shareholder who can vote at general meetings and receive dividends on the shares.

This sounds like a long, tottering chain — but the difference from crypto is that every step of this chain is highly regulated and monitored by law. And the regulators know who all the people involved are.

Even then, the layers of abstraction can break if you twist them funny. Matt Levine wrote up one example from 2015, when the DTCC system led to problems working out who had beneficial ownership of shares in Dell. “The financial system is built in layers of abstraction. Which is always fun in court.” [Bloomberg]

Blockchain bridges need regulation

Blockchain bridges are functionally wildcat banks, but on the blockchain — they hold cryptos, then issue tokens as banknotes backed by those cryptos.

Crypto sets up all these complex mechanisms that look like real-world financial engineering — but without the battle-hardened protection mechanisms that exist in the real world.

The big problem is that none of this stuff has the slightest bit of regulation or oversight.

Yes, I know you don’t want regulation of your precious crypto. But you keep demanding to be taken seriously, while throwing around numbers in the hundreds of millions of dollars. Being taken seriously involves oversight.

Blockchain bridges are depository institutions, run by particular individuals. That their IT infrastructure is some shoddy Solidity code doesn’t change that. Bridges’ backing reserves need to be monitored and insured. If that means the reserve can’t legally be held in the smart contract itself, too bad — the “decentralisation” was always fake anyway.

This applies to single-application bridges too, like Sky Mavis’s Ronin. The screwed-over players on Axie Infinity are real-life victims. If you can believe Sky Mavis, the company literally didn’t notice for six days that their backing reserve had been stolen. Nobody was watching any of this. That’s flatly unacceptable.

Crypto regulation came into Canada in full force in the wake of the collapse of the Quadriga crypto exchange — after public outrage that a $200 million financial institution could have collapsed when the regulators were barely aware that it existed. Now cryptos on an exchange in Canada are regulated as securities.

Oversight needs to be put into place for these supposedly billion-dollar financial institutions — before they get within a mile of the real financial system where people live.

 



Become a Patron!

Your subscriptions keep this site going. Sign up today!

7 Comments on “Blockchain bridges: how the smart contract piñata works, and why bridges keep getting hacked”

    1. There’s so much Comedy Gold here that the weight of it may collapse in on itself and form a Singularity of Schadenfreude that hopefully sucks all this CraptoBollocks with it.
      I love your blog. The sarcasm is palpable.

        1. I don’t get it, David. Everything you’ve listed has an actual use, even the bird poop. Remind me what crypto does. Wait! Is it ‘Muh B L O C K C H A I N’?

  1. Thanks for the info about CEDE. I knew that stock transactions were purely abstract, but I didn’t know that all stocks were really owned by a quasi-private partnership of “certain employees” within a quasi-public agency.

  2. As a software engineer I am having trouble visualizing exactly what is happening in the bridge.

    Tokens are stored in a blockchain but the authority to move them around comes from wallets. Does the bridge have a pair of wallets, one on each chain? [It is sometimes said that a smart contract “holds” the Ether, but a contract is part of a token and is not a wallet.]

    I have considerable experience with communication networks, but I find it hard to grasp exactly what information is flowing ‘twixt the different entities in a blockchain system.

    1. Yes, it’s that sort of thing.

      1. The bridge is a centralised program that talks to both blockchains.
      2. The bridge has the key for the smart contracts.
      3. An ETH goes to the bridge smart contract on Ethereum. The bridge program notices, and creates a wrapped-ETH on the other blockchain.
      4. Or in reverse.

Leave a Reply to David Gerard Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.