Cross-Chain Crypto Payments: Is it Safe or Not? - read in the blog of the company COREDO

Cross-Chain Crypto Payments: Is it Safe or Not?

Updated: 27.02.2023

Have you ever thought of how blockchains can directly connect with each other? Like, how can they operate to vitally enable crypto owners to exchange their data and multiple cryptocurrencies without compromising the time and cost for the said trade?

The answer? Bridge protocols. These bridges work by taking a fund in crypto using one currency — let’s say, for example, Solana (SOL), and then putting it in stake in a bridge protocol, resulting in a token that can be used on the second blockchain of your choice, in this case, for example, Etherium (ETH).

This makes bridges a very important part of crypto settlements, in particular, decentralized finance (DeFi). However, as crypto industry spreads past decentralized application (DApp) platform Ethereum up to multiple driven blockchains, including metaverses, non-fungible token (NFT) markets, and lending programs, crypto-proprietors are currently being siloed in blockchains that can’t straightforwardly speak with one another. They are at risk.

What’s worse is that hackers have been very active, making as much as $1 billion since last August.

For a breakdown, the thieves got $425 million for three bridge protocols in the last two weeks. Then, another $612 million from the case of Poly Network in August (though for the record, Poly hacker returned everything back).

Nonetheless, bridges still want to be in the market, more so, being ambitious. For example, the Polkadot blockchain bridge empowers clients to automate the trading operation and add information to the exchange. As a result, one could take crypto tokens from the 100-sub blockchains it will host and then send them directly to another blockchain, let’s say DeFi lending or borrowing program, and even add commands to invest the tokens in a specified loaning pool to gain interest.

Cross-Chain Crypto Payments: Is it Safe or NotThis will add convenience to the exchanging activity, plus it could likewise successfully transform the siloed crypto blockchain industry into one system. Consequently, a major objective in the business will be accomplished.

The Problem

Looking at the recent crimes below, let’s explore the problem.

  • Wormhole’s $325 million theft, Jan. 27
  • Qubit’s $80 million loss, Feb. 8
  • $4.4 million attack on Meter Passport, Feb. 5.

First, being just online. Sender’s tokens must be typically stored into the bridge protocol straightforwardly. Meaning, they are kept on the web, and subsequently, considered as the powerless “hot wallet”.

Second, minting is the way these tokens generally get through the cross-chain cryptocurrency swap. “Wrapped” renditions of the beneficiary’s tokens are what’s being exchanged. Therefore, if a hacker can mint these wrapped tokens, they can redeem them for TKTK, and then can send them off right away to their private wallets and coin mixing services.

The catch is, if bridge protocols are ripped off, it’s not the cryptocurrency exchange or DApp development company that suffers. It’s the huge number of individual clients who took a chance with their cash completely all alone.

In contrast, the investment firm which backs Wormhole, Jump Crypto, “replenished” its funds with $320 million worth of ether. This strategy is effectively keeping their investment from being bankrupt and is accepted to be reimbursed over the long run.

The Theft, Explained

Binance Smart Chain (BSC)-based Qubit’s QBridge protocol was hacked on January 27. The hacker took advantage of an imperfection which convinced the DApp’s shrewd agreements in minting 77,000 wrapped ether tokens, qXETH, without actually using any assets. It was worth $185 million. They then, at that point, reclaimed the tokens for 207,000 of BSC’s Binance Coin (BNB) token, worth $80 million. After running away with the cash, both the developer and thousands of clients were exhausted.

February 11. Mound, which is Qubit’s development team head, declared that they can never again pay any further work on Qubit or Bunny Finance, another bridge convention. Instead, they would change over concentrated ventures into DeFi protocols managed by a decentralized autonomous organization (DAO). In this case, they left with nothing.

Cross-Chain Crypto Payments: Is it Safe or NotAs for the Meter Passport hack, $4.4 million was stolen. It began when entertainers utilized a trick to mint wrapped ether (wETH) and BNB tokens. To make matters worse, the attacker sold the BNB on SushiSwap, a top DeFi trade, right away. It then resulted in BNB’s local price crashing. This attracted individuals to purchase the crypto coin efficiently and afterwards use them to take out credits on the Hundred Finance loaning platform.

To put that into perspective, the said loaning stage acknowledged them at the ordinary worth, and were exchanged for other unaffected tokens. Since BNB had to be returned, the lenders were left with uncollateralized loans, costing them millions of losses. To reimburse its users and Hundred Finance, Meter set aside $4.4 million of its local MTGR tokens.

With the same scam strategy, the Wormhole hack also caused a bridge to create wrapped tokens and reclaim them for genuine ether. To be specific, it was through the Solana-to-Ethereum bridge.

Lastly, returning in August was the Poly Networks hack. The hacker, who was nicknamed “Mr. White Hat”, found a vulnerable spot on the bridge and let him move all of the $612 million worth of cryptocurrency into his own wallet. Take note that this money was from the individuals who had involved it as a security to purchase wrapped tokens. Luckily, Mr. White Hat returned everything back following half a month.

As such, just like any other investment projects to which people entrust their money with, faith is key. Bridges are indeed strong now, but what if there comes a time that they seem to be vulnerable?

Services

LEAVE AN APPLICATION AND GET
A CONSULTATION

    By contacting us you agree to your details being used for the purposes of processing your application in accordance with our Privacy policy.