UNITED STATES: Last week, thieves stole an estimated $190 million from American crypto firm Nomad. It was the seventh hack of 2022 to target Blockchain “bridges,” which are strings of code that help move cryptocurrency coins between different applications.
According to statistics from London-based blockchain analysis company Elliptic, hackers have already stolen more cryptocurrency from bridges this year than they did last year, totalling almost $1.2 billion.
The alternative payment method known as ‘cryptocurrency’ was developed utilising encryption methods.
Cryptocurrencies can act as a form of payment and a virtual accounting system due to encryption technology. A cryptocurrency wallet is necessary in order to use cryptocurrencies.
Ronghui Hu, an associate professor of computer science at Columbia University in New York and co-founder of the cybersecurity company CertiK, stated, “This is a conflict where the cybersecurity firm or the project can’t be the winner.”
“We have so many initiatives to safeguard. When they examine a project and discover no bugs, they (hackers) can just go on to the next one until they identify a weak spot.”
Currently, the majority of digital tokens operate on their own distinct blockchain, which functions as a kind of online ledger for cryptocurrency transactions. When initiatives using these coins get isolated, their chances of being widely used are decreased.
Blockchain bridges seek to topple these barriers. In “Web3,” the much-hyped vision of a digital future where cryptocurrency is integrated into online life and commerce, backers claim they will play a crucial role.
The weakest connection, though, can be a bridge.
The Nomad hack ranked as the eighth-largest cryptocurrency theft ever. A $615 million theft from Ronin, which was utilised in a well-known online game, and a $320 million theft from Wormhole, which was used in so-called decentralised banking applications, are two other thefts from bridges that have occurred this year.
According to Steve Bassi, co-founder and CEO of malware detector PolySwarm, “Blockchain bridges are the most fertile ground for new vulnerabilities”.
Support has been given to Nomad and other businesses that produce blockchain bridge software.
Nomad, situated in San Francisco, claimed to have received $22.4 million from investors just five days before being hacked, including prominent exchange Coinbase Global (COIN.O). Pranay Mohan, co-founder and CEO of Nomad, referred to its security methodology as the “gold standard.”
It has stated that it is collaborating with law enforcement organisations and a blockchain analysis company to monitor the stolen funds. It promised a reward of up to 10% late last week for the return of money stolen on the bridge. It announced on Saturday that it had so far recovered more than $32 million of the funds stolen.
The restoration of bridging user cash is our first priority, and community is what matters most in cryptocurrencies, according to Mohan. “Any party that returns 90% or more of the improperly used monies will be regarded as a ‘white hat’.”
“We won’t charge white hats,” he claimed, making reference to purportedly moral hackers.
Some bridges, for instance, alter crypto coins to make them interoperable with various blockchains while keeping the original coins in reserve. Others rely on smart contracts, intricate agreements that automatically complete transactions.
All of these could have bugs or other weaknesses in the programming that could open the door to hackers.
How can the issue be handled?
According to some experts, audits of smart contracts and “bug bounty” programmes that reward open-sourced assessments of smart contract code could assist prevent cybercrimes.
Others argue that deconcentrating control over the bridges among fewer organisations would increase their resilience and code openness.
Because they frequently use a centralised infrastructure that typically locks up assets, cross-chain bridges are a tempting target for hackers, according to Victor Young, founder and chief architect of U.S. blockchain company Analog.