Hack-Prone Blockchain Bridges Expose DeFi’s Achilles’ Heel – Forbes

18/08/2022 17:30:16

If 2018 was the year of the hack for centralized crypto exchanges, decentralized blockchain bridges seem destined to claim that honor this year.

More than $1.9 billion was stolen in cross-chain hacks in the first half of 2022, according to a new blog post from crypto-analytics firm Chainalysis.

Cross-chain bridges have been criticized in recent weeks for their vulnerability. At their core, bridges allow users to exchange one token for another, say BNB (Binance token) for Ethereum; they are the key to extending operability across blockchains.

“Having this interoperability is crucial,” says Kim Grauer, research manager at Chainalysis.

But to work, bridges must hold large amounts of both tokens. These pools of liquidity make them attractive to hackers. Bridges “allow blockchains to talk,” says Grauer. “But we also created these honeypots for malicious actors.”

“Regardless of how those funds are stored — locked in a smart contract or with a centralized custodian — that point of storage becomes a target,” she adds.

Their vulnerability may also be the result of DeFi growing too big and too fast. Cross-chain bridges, says Amit Dar, senior director of strategy at cybersecurity firm Active Fence, are “kind of an afterthought.”

“Efficient bridge design is still an unsolved technical challenge, with many new designs being developed and tested,” adds Grauer.

Yet bridges have become staples of decentralized finance, and as long as they remain vulnerable, hacks will also be commonplace.

“The promise of DeFi was that we could have finance without trust,” says Sam Williams, CEO of Arweave, a blockchain start-up behind the permaweb, which aims to preserve internet content. “But instead, people ended up trusting the marketing and subsequently the code without verifying it.”

As DeFi grows, this “painful lesson,” as Grauer puts it, is costing users unprecedented amounts of money. Thefts in the first half of this year increased by 58% compared to the corresponding period of 2021. “This trend does not appear to be reversing any time soon,” adds the report. Indeed, $190 million was stolen from the Nomad blockchain bridge in early August, after the report's closing date.

According to Chainalysis’ Mid-Year Crypto Crime Update, most cross-chain hacks this year resulted from code exploits. Bridges, like all DeFi applications and uses, are open source projects built by developers and modified by programmers. The bridges' entire code is available on GitHub, a code hosting service where anyone can inspect it for vulnerabilities.

Open source advocates call it the key to community and decentralization. But it’s a double-edged sword. Just as developers, users, and communities have their eyes on the code, so do malicious actors. They can easily see bugs or flaws and use them to exploit the bridge itself. An earlier report by Chainalysis found that code exploits accounted for nearly 50% of value stolen from DeFi in the first quarter of the year. Chainalysis told Forbes it doesn’t have the data for Q2 yet.

Code exploits also account for some of the biggest blockchain bridge hacks of the year, including Ronin, Wormhole, Harmony and now Nomad. These hacks all involved exploits in which loopholes in the code led to compromised validator nodes approving thefts.

Hackers, Williams says, find flaws in software that are widely deployable on every node. Blockchains rely on a series of computers called nodes to verify and validate transaction history. When a bug or a loophole in the code is discovered by hackers, they can use the bug to modify certain functions on each node.

According to a Twitter thread by samczsun, research partner and head of security at crypto research firm Paradigm, the Nomad hack stemmed from a faulty update. The blockchain bridge contained $197 million worth of cryptocurrencies before the hack.

A routine upgrade set the code to automatically approve every message, and therefore every transaction. The hackers then no longer needed to modify the code; they simply had to find a transaction that had previously worked, replace the address, and rebroadcast the information to steal the funds.

“Attackers abused it to copy/paste transactions and quickly emptied the deck in a frenzied melee,” he tweeted.
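The failure mode described above, as a simplified model added here (not Nomad's code): it assumes the bridge accepts a message when the root it was proven against appears in a table of trusted roots, and that a never-proven message falls back to an empty root. All class and function names are hypothetical; the point is the deployment-time check that catches an initialization under which every message becomes acceptable.

```python
# Simplified model of a bridge inbox; all names are hypothetical.
EMPTY_ROOT = b"\x00" * 32  # default value for a message that was never proven


class Inbox:
    def __init__(self, initial_root, hardened):
        # trusted_roots maps a Merkle root to the time it becomes acceptable.
        self.trusted_roots = {initial_root: 1}
        self.proven = {}          # message hash -> root it was proven against
        self.processed = set()
        self.hardened = hardened

    def prove(self, msg_hash, root):
        # Stand-in for Merkle proof verification (omitted in this model).
        self.proven[msg_hash] = root

    def acceptable_root(self, root, now):
        if self.hardened and root == EMPTY_ROOT:
            return False          # the empty root never vouches for anything
        confirm_time = self.trusted_roots.get(root, 0)
        return confirm_time != 0 and confirm_time <= now

    def process(self, msg_hash, now=100):
        if msg_hash in self.processed:
            return False          # already processed once
        # Unproven messages fall back to EMPTY_ROOT, as unset storage would.
        root = self.proven.get(msg_hash, EMPTY_ROOT)
        if not self.acceptable_root(root, now):
            return False
        self.processed.add(msg_hash)
        return True


def post_upgrade_check(inbox):
    """Deployment gate: a message nobody proved must be rejected."""
    return inbox.process(b"never-proven-message") is False


def run_scenarios():
    good_root = b"\x11" * 32      # constructed sample root
    results = {}
    for name, root, hardened in [
        ("correct_init", good_root, False),
        ("faulty_init", EMPTY_ROOT, False),
        ("faulty_init_hardened", EMPTY_ROOT, True),
    ]:
        results[name] = post_upgrade_check(Inbox(root, hardened))
    return results
```

Running `post_upgrade_check` against a freshly upgraded instance before it holds funds turns "every message is approved" into a failed deployment rather than a live incident.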

So where does DeFi go from here? Mimi Idada, founding partner of Open Web Collective, a blockchain incubator and venture capital fund, suggests that blockchain bridges use open source to their advantage. “So here is a great story where we have black hats doing malicious activities,” she says. “But when we have an idea, and when we know what’s going on, we can actually [enlist] our community, other developers, to help get some of that money out before it’s all gone.”

Indeed, in the case of Nomad, white hats, or hackers with good intentions, used the same method as the thieves to return part of the funds to the bridge. Although Nomad currently only holds $90,000 in cryptocurrencies, more than $36 million has been sent to the blockchain bridge recovery wallet address, according to data from Etherscan.io. Nomad also offered a 10% bonus to anyone returning at least 90% of the funds.

Regardless of benevolent hackers, Grauer says continued attacks will force DeFi “to a higher bar in terms of security.”

“God knows how many bugs there are in the code that are not being analyzed by the entire potential population at all times,” she says.


