CryptoDock
Start working and Go ahead
Frequent Trader
4.1 Months
1 Following
24 Followers
17 Liked
0 Shared
Posts
How Crypto Bridges Work and Why They Keep Getting Exploited 🤔
Bridges are the most exploited infrastructure in DeFi. Over $2 billion has been stolen through bridge hacks, more than any other category in crypto.
A bridge moves tokens between two blockchains that can't verify each other's state. Ethereum has no way to confirm what happens on Solana, so the bridge makes that verification happen through its own system.
🤔 The most common design is lock-and-mint. You deposit ETH into a contract on Ethereum and the bridge mints wrapped ETH on the another blockchain. To move back, you burn the wrapped token and the original gets unlocked.
Two other designs exist:
🔵Liquidity network bridges hold pools on both chains and you withdraw from the destination pool instead of receiving a minted token.
🟢Message-passing bridges relay arbitrary instructions between chains rather than moving assets directly, with the attack surface in the code that decides whether a message is valid.
The exploits always track the design.
1️⃣Ronin exploit was lock-and-mint: validators controlled the locked pool, so compromising 5/9 keys was enough to authorize $625 million in fraudulent withdrawals.
2️⃣Wormhole used a message-passing layer for verification, and a forged guardian signature let the attacker mint 120,000 ETH on Solana without locking anything on Ethereum, costing $320 million.
3️⃣Liquidity network bridges haven't been hit at the same scale: THORChain was exploited three times in one month in 2021, but lost only $13 million across the attacks. Each hack could only drain specific pools at a time rather than the full protocol.
$BTC $ETH $XRP
#FAQ #information
Bridges are the most exploited infrastructure in DeFi. Over $2 billion has been stolen through bridge hacks, more than any other category in crypto.
A bridge moves tokens between two blockchains that can't verify each other's state. Ethereum has no way to confirm what happens on Solana, so the bridge makes that verification happen through its own system.
🤔 The most common design is lock-and-mint. You deposit ETH into a contract on Ethereum and the bridge mints wrapped ETH on the another blockchain. To move back, you burn the wrapped token and the original gets unlocked.
Two other designs exist:
🔵Liquidity network bridges hold pools on both chains and you withdraw from the destination pool instead of receiving a minted token.
🟢Message-passing bridges relay arbitrary instructions between chains rather than moving assets directly, with the attack surface in the code that decides whether a message is valid.
The exploits always track the design.
1️⃣Ronin exploit was lock-and-mint: validators controlled the locked pool, so compromising 5/9 keys was enough to authorize $625 million in fraudulent withdrawals.
2️⃣Wormhole used a message-passing layer for verification, and a forged guardian signature let the attacker mint 120,000 ETH on Solana without locking anything on Ethereum, costing $320 million.
3️⃣Liquidity network bridges haven't been hit at the same scale: THORChain was exploited three times in one month in 2021, but lost only $13 million across the attacks. Each hack could only drain specific pools at a time rather than the full protocol.
$BTC $ETH $XRP
#FAQ #information
Login to explore more contents