Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Cross-Chain Interoperability and Security – Executive Summary of Coinchange Report

Cross-Chain Interoperability and Security – Executive Summary of Coinchange Report

Share via:

Cross-chain bridges—applications allowing the exchange of value across parallel blockchains—present a challenge for blockchains since they need to be able to trust and validate external information. Chainalysis data has revealed that bridge hacks account for a staggering 69% of the total funds stolen in the DeFi space in the past two years, heightening the need for robust cross-chain security.

To tackle this issue, Coinchange, together with LI.FI and Hacken jointly produced a report on “Crosschain Interoperability and Security.” The comprehensive research highlights the importance of interoperability in the blockchain ecosystem, identifies challenges, and offers expert solutions. Here, we present a snapshot of the main findings.

See the full Crosschain Interoperability and Security report.

Importance of interoperability for the blockchain ecosystem

Blockchain interoperability has become essential in the ecosystem as more blockchains are developed with varying designs, coding languages, and consensus mechanisms. Without it, the exchange of value between different blockchains is complex, and the liquidity of assets is fragmented. Interoperability is crucial in realizing the full potential of blockchain technology, as it allows for the seamless movement of data and assets between blockchains, increasing interconnectedness and enhancing the liquidity of assets.

Defining cross-chain interoperability

Cross-chain interoperability refers to the ability of different blockchains to communicate and exchange value with one another. It involves building bridges between other blockchains to allow for the seamless movement of assets and data between them. These bridges act as rules-based protocols, fundamental for scaling solutions, and use messaging infrastructures to ensure secure communication between different blockchains.

There are several approaches to making blockchains interoperable:

Interoperability protocols. These are protocols designed to facilitate communication and value transfer between different blockchains. Examples include Polkadot, Cosmos, and Aion.
Sidechains. These are separate blockchains connected to the main blockchain, enabling transactions to occur on a separate chain with the same asset. Examples include RSK, a sidechain of Bitcoin, and Plasma, a sidechain of Ethereum.
Atomic Swaps. These allow for exchanging one cryptocurrency for another without an intermediary, enabling cross-chain trades. Examples include the Lightning Network, used for atomic swaps on Bitcoin.
Cross-Chain Bridges. These are built to connect different blockchains and enable the transfer of assets and data between them. Examples include Wormhole, which was chosen by Uniswap for cross-chain governance messaging between Ethereum and Binance Smart Chain.

Cross-chain bridges concept overview

In the context of blockchain technology, a bridge is an application built on top of a messaging protocol that facilitates interoperability between different blockchains. It is an interface that connects two or more blockchain networks, allowing the transfer of assets and data between them.

There are different types of bridges. And here’s a suggested structure for bridge categorization:

Messaging infrastructure in bridges. At every bridge’s core is a messaging infrastructure that sends data across chains, facilitating various transfers (e.g., LayerZero, Axelar, Wormhole, CCIP).

Types of bridges. Bridges can be classified into various types based on their applications or utility, such as token bridges, NFT bridges, governance bridges, lending bridges, and ENS bridges. They can also be categorized based on how cross-chain messages are validated, which can be done in a decentralized, centralized, or hybrid way.

Bridge aggregators. Bridge aggregators are platforms that combine multiple bridges to provide users with the most efficient option for cross-chain asset transfers and exchanges, considering factors like cost, speed, slippage, and security. Bridge aggregators work similarly to Decentralized Exchange (DEX) aggregators.

Main reasons for bridge hacks

The increasing use of decentralized finance (DeFi), and the growing popularity of Ethereum’s Layer-2 ecosystem are making bridge hacks more frequent. These bridges connect different blockchains and Layer-2 solutions, each having different technologies, and connect many blockchains simultaneously, exposing them to more attack vectors. Furthermore, with the increasing use of DeFi, bridges are moving larger amounts of value, making them more attractive to hackers. Bridge security has three pillars: economic security, implementation security, and environmental security.

3 pillars of bridge security (and how they can be compromised)

Economic Security depends on the cost to gain control over the majority of validators, with the most common way to compromise economic security being to steal the private keys of validators. Natively verified bridges offer the best economic security, while externally verified bridges offer the lowest.

Implementation Security concerns the system’s complexity and the risk vectors that can compromise bridge security. Smart contract vulnerabilities and the compromise of RPC endpoints are the most common ways to compromise implementation security. Bridges need to be audited by multiple third parties to minimize the risk of security breaches.

Environment Security involves the integrity of the environment in which the bridge operates, such as the security of the nodes on which the bridge runs. Bridges need bug bounty programs to minimize the risk of security breaches. The security of the bridge’s nodes is crucial for environmental security. Multiple third-party audits are also necessary for environmental security.

Major causes of bridge hacks in recent years

Cross-Chain Interoperability Report analyzes the top 5 most expensive bridge exploits and answers two critical questions for each exploit: why it happened and at which security pillar.

Axie Infinity Ronin bridge hack. The attackers stole around $624 million due to compromised private keys. The risk pillar compromised was ‘Economic Security.’
Wormhole token bridge hack. The attacker exploited a deprecated, insecure function to bypass signature verification. The risk pillar compromised was ‘Implementation Security.’
Nomad bridge hack. Multiple individuals used an error in an update to drain over $190 million in value. The risk pillar compromised was ‘Implementation Security.’
Horizon bridge exploit. The attackers compromised at least two of the four private keys used by the bridge validators to gain control over the bridge validation process. The risk pillar compromised was ‘Economic Security.’
BSC Token-Hub bridge hack. The attackers exploited a vulnerability in the underlying code by forging a Merkle proof for a specific block. The risk pillar compromised was ‘Implementation Security.’

Mitigating bridge risks

While it’s best to be proactive than reactive, the experts believe in a complex approach to mitigating bridge risks, including adopting measures for threat mitigation, threat response, and risk assessment.

Threat mitigation measures. The report recommends the following actions:

smart contract best practices
code testing and audits
regular security updates
monitoring for real-time detection of threats
trusting technology, not third parties
preventing contamination (horizontal scaling) by using Hub and Spoke model
implementing Pre-Crime (Layer Zero) by checking messages against invariants
making messaging layer upgrades optional
open sourcing the codebase and offering bug bounties

Threat response plan. A good threat response plan should include a faster response time once the attack has begun. It should comprise challenge windows of sufficient duration for the team to take the necessary action. Risk identification with continuous monitoring systems like Extractor is also helpful for hack awareness.

Risk assessment framework for bridge security. Experts believe hacks can still occur, so having a threat response plan is instrumental. The report also recommends having a standardized Risk Assessment Framework to help users select the appropriate bridge for their transaction size and security needs. The report reviews three variants and settles on Coinchange Bridge Risk Assessment Framework which is the fourth DeFi Risk Assessment Frameworks that Coinchange has created to assess DEXes, Money Market protocols,Blockchains and Bridge risks. This framework comprises two parts: Data Gathering with 25 questions and 10 questions exclusively shared for the Risk Scoring ofOperational Risk, Governance Risk, Smart Contract Risk, and Liquidity Risk.

Conclusions

Cross-chain interoperability is crucial for the blockchain ecosystem. It allows for the seamless movement of assets and data between different blockchains, enhancing interconnectedness and increasing the liquidity of assets. Several approaches, such as interoperability protocols, sidechains, atomic swaps, and cross-chain bridges, achieve interoperability between blockchains.

Over the past two years, 70% of the value lost in DeFi was stolen in bridges. The industry needs a better solution for understanding and mitigating the risks.

The future of bridge security and cross-chain interoperability is yet to be determined. However, the effort to get to more secure interoperability is ongoing, and it’s collaborative. Coinchange has gathered prominent interoperability, enterprise, and security players to build the most secure version of the interoperability space.