Hackers have stolen over $2.5 billion through vulnerabilities on cross-chain bridges in the past two years.
Security has been a critical challenge for decentralized finance (DeFi) and its evolution. Between 2020 and 2022, hackers stole over $2.5 billion through vulnerabilities on cross-chain bridges, Token Terminal data shows. Compared to other security breaches, this is a substantial amount.
Issues with bridges have a root cause: All of them have an "inherent vulnerability," Theo Gauthier, founder and CEO of Toposware, told Cointelegraph. According to Gauthier, no matter how secure a bridge is on its own, it is "entirely reliant on the security of the chains it connects," meaning that any breach or bug within one of the two bridged chains makes the overall bridge vulnerable.
Briefly, bridges are used to connect different blockchains and aim to address the lack of standards between protocols. Interoperability between blockchains is considered to be a critical goal for enhancing the end-user experience and promoting broader crypto adoption.
Solutions for interoperability and security in the crypto industry are gaining traction despite the bear market. One of the major technologies available is zero-knowledge proofs (ZKPs), which allow data to be verified and proven as accurate without revealing further information, unlike typical interoperability solutions that require networks to disclose their states.
Through ZKPs, it is also possible to create a ZK-powered Ethereum Virtual Machine (EVM), noted Polygon's chief information security officer Mudit Gupta, allowing developers to launch scalable and completely private Ethereum-compatible smart contracts. Gupta also noted that:
"We believe in the old crypto adage of “don’t trust, verify.” With ZK-powered solutions, this is absolutely possible. The zkEVM has shown that it can maintain privacy, decentralization, speed and scalability. With this, there is no need to sacrifice anything that has made the crypto space what it is, and in fact it improves it."
For bridges, the solution would be auditing and real-time monitoring standards, noted Gustavo Gonzalez, solutions developer at OpenZeppelin. Bridge smart contracts "should be audited, ideally by multiple third parties, before being released “into the wild.” New audits should happen anytime updates are made, and all results should be transparently shared with the community."
Machine learning technology could also be used to flag potentially suspicious patterns of activity with advanced security monitoring, detecting an attack before it actually happens, said Gonzalez.
Combining security software solutions with blockchain protocols could make the entire space more secure for users and investors. A Bitcoin (BTC) maximalist would say "Just use Bitcoin, and you won't have these issues at all." While smart contracts for Bitcoin are in the works, DeFi players will be tasked with building trust within their respective ecosystems amid ongoing security concerns.