摘要:
Introduction
It’s been a massive hit for organizations like Binance, QANplatform, Transit Finance, BitKeep with millions of revenue loss due to Cross-Chain bridge attacks. They are the crypto hacker’s new best friend, a seemingly emerging trend in the black-hat space.
But what is a Cross-Bridge or Cross-Swap?
Cross-Swap is a protocol used to transfer digital assets from one blockchain network to another block chain network without the need to use a decentralized exchange.
WormHole, MultiChain, Binance Chain are a few popular examples.
Why use Cross-Swaps?
Cross-Swaps are crucial as blockchains are not able to communicate with each other. Imagine that you have an AMEX card that can work only on AMEX approved vendors (which is the case). This isn’t ideal when trying to create a cohesive, intuitive ecosystem - Enter Cross Swaps.
Cross-Swaps enable us to use BTC over ETH and ETH over BTC and likewise with other currencies. Examples are wBTC (by BitGo) and tBTC (Keep Network) - both allow you to transfer BTC from the Bitcoin blockchain to Ethereum blockchain network.
This makes it much easier to complete transactions in popular cryptocurrencies, as it’s now of little concern which chain you’re using. Cross-Swaps, despite their vulnerability, serve an important purpose in the blockchain space as an intermediary between competing projects.
Attack at Binance BNB
On the 6th of October, 2022, hackers attacked Binance (BNB) and its Smart Chain (BSC), stealing some $110m worth of cryptocurrencies.
In a proceeding incident, BNB was quick to react, as the attacker would have siphoned more than $2m funds if they hadn't reacted immediately.
“The issue is contained now. Your funds are safe,” Binance CEO Changpeng Zhao said via Twitter.
At HyperBC, we believe security should be developed and tested rigorously. Proactive, not reactive. Which begs the question -
How did the attack go unnoticed?
The exchange (not Binance) that received the funds confirmed that the exchange was used by the attacker to send the initial funds needed to be registered as a BSC Cross-Chain Bridge Relayer.
The address was assessed by its AML system for any suspicious or malicious activity prior to using its service, and as the system didn’t find any red flags in the address, the funds were sent to the recipient address successfully.
The experienced attacker used new, clean addresses, as well as different burner (one time use) addresses in multiple chains. This gave them unfettered access to the funds.
Why are cross-swaps under target?
As per sources from Chainalysis, Cross-Swaps are targeted as they often feature a central storage point of funds that back the "bridged" assets on the receiving blockchain. Regardless of how those funds are stored – locked up in a smart contract or with a centralized custodian – that storage point becomes a target.
More importantly, effective bridge design is still an unresolved technical challenge, with many new models being developed and tested. These varying designs present novel attack vectors that may be exploited by bad actors as best practices are refined over time.
As the technology (and auxiliary work) matures, these instances should reduce in frequency.
What can be done to be secure against these types of attacks?
HyperBC suggests all organizations should undergo repeated and rigorous security audits, penetration tests & in-depth analysis of their products & services.
HyperBC solves this through HyperLab, its Australia-based Blockchain and Cybersecurity R&D division, dedicated to solving problems and producing solutions on the bleeding edge of both industries, and translating academic breakthroughs to business utility. HyperLab also provides security auditing services for businesses and organizations, including HyperBC.
Operational security, especially at scale, is no easy task. But it’s not just a reputation that industrial actors have to uphold - it’s the livelihoods and savings of real people, everywhere.
When it comes to the safety of your assets, choose the best. Choose Security. Choose HyperBC.
This article was written and produced by HyperBC and HyperLab . The information herein represents their view at the time.
==
欢迎加入鸵鸟区块链Telegram社群
