2022 has been a lucrative year for hackers preying on the emerging Web3 and decentralized finance (DeFi) spaces, with more than $2 billion in cryptocurrency stolen in several high-profile hacks to date. Cross-chain protocols were particularly hard hit, with the $650 million hack of Axie Infinity's Ronin Bridge accounting for a large part of the funds stolen this year.
The looting continued in the second half of 2022, when the cross-chain platform Nomad saw $190 million drained from wallets. The Solana ecosystem was the next target: hackers gained access to the private keys of some 8,000 wallets, which led to the loss of Solana (SOL) and Solana Program Library (SPL) tokens.
deBridge Finance managed to thwart an attempted phishing attack on Monday, August 8, unpacking the methods used in what the company suspects is a large-scale attack vector used by the North Korean hackers of the Lazarus Group. A few days later, Curve Finance suffered an exploit in which hackers redirected users to a counterfeit web page, leading to the theft of $600,000 worth of USD Coin (USDC).
Multiple points of failure
The deBridge Finance team offered relevant insight into the prevalence of these attacks in correspondence with Cointelegraph, given that a number of its team members previously worked for a prominent antivirus company.
Co-founder Alex Smirnov highlighted the driving factor behind the targeting of cross-chain protocols: their role as liquidity aggregators that fulfill cross-chain value transfer requests. Most of these protocols seek to aggregate as much liquidity as possible through liquidity mining and other incentives, which has inevitably turned them into a honeypot for malicious actors:
“By locking a large quantity of liquidity and inadvertently providing a diversified set of available attack methods, the bridges are a target for pirates.”
Smirnov added that bridging protocols are middleware that relies on the security models of all the supported blockchains from which they aggregate, which considerably increases the potential attack surface. It also makes it possible to carry out an attack on one chain in order to drain liquidity from others.
Smirnov added that Web3 and the cross-chain space are at a nascent stage, with an iterative development process in which teams learn from the mistakes of others. Drawing parallels with the first two years of the DeFi space, when exploits were rife, the deBridge co-founder conceded that this was a natural teething process:
“The transversal space is extremely young even in the context of web3, so we see this same process being played. Crosschain has enormous potential and it is inevitable that more capital flows, and the pirates allocate more time and resources to find attack vectors.”
The Curve Finance DNS hijacking also illustrates the variety of attack methods available to malicious actors. Bitfinex chief technology officer Paolo Ardoino told Cointelegraph that the industry must be on guard against all security threats:
“This attack demonstrates once again that the ingenuity of pirates presents an almost and always present danger for our industry. The fact that a pirate is able to modify the DNS entry for the protocol, to transmit users to a false clone and to approve a malicious contract says a lot for the vigilance which must be exercised.”
Stemming the tide
With exploits becoming commonplace, projects will undoubtedly be considering ways to mitigate these risks. The answer is far from clear-cut, given the range of avenues attackers have at their disposal. Smirnov likes to use a “Swiss cheese model” when conceptualizing the security of bridging protocols: the only way to carry out an attack is if a certain number of “holes” momentarily line up.

“In order to make the level of risk negligible, the size of the hole on each layer must be aimed to be as minimal as possible, and the number of layers must be maximized.”
Again, this is a complicated task, given the moving parts involved in cross-chain platforms. Building reliable multi-level security models requires an understanding of the diversity of risks associated with cross-chain protocols and the risks of the supported chains.
The main threats include vulnerabilities in the consensus algorithm and codebase of the supported chains, 51% attacks and blockchain reorganizations. Risks to the validation layers could include collusion among validators and compromised infrastructure.
Software development risks are another consideration, with vulnerabilities or bugs in smart contracts and validation nodes of key concern. Finally, deBridge notes management risks, such as compromised protocol authority keys, as another security consideration.
“All these risks are quickly aggravated. Projects should adopt a multi-faceted approach, and in addition to safety audits and bug bonus campaigns, throw various security measures and validations in the design of the protocol itself.”
Social engineering, more often called phishing attacks, is another point to consider. While the deBridge team managed to thwart this type of attack, it remains one of the most widespread threats to the wider ecosystem. Education and strict internal security policies are essential to avoid falling prey to these cunning attempts to steal credentials and hijack systems.