Crypto never sleeps, and neither do exploiters

Views expressed in this article are the personal views of the author and should not form the basis for making investment decisions, nor be construed as a recommendation or advice to engage in investment transactions.

It’s now well understood that nascent technology brings with it both opportunity and danger, as bad actors leveraging newly developed blockchain tech has become somewhat par for the course in the space. Regardless, crypto saw a flurry of attacks on various fronts over the past five days, barely allowing market participants to catch their breath between exploits. This month alone, we’ve already seen ~$200m drained from the space through attacks.

Unpacking recent hacks

Monday began with Nomad bridge – a cross-chain bridge connecting Ethereum and Moonbeam – being exploited for an eye-watering sum of $190m. Bridges have become a primary target for hackers as the multi-chain space evolves, with over $500m drained from Axie Infinity’s Ronin bridge earlier this year.

Why target bridges?

There’s a common misconception that cross-chain bridging is similar to traditional payments channels (think cross-border payments), but that’s far from the case. When initiating a bridge transaction (from Ethereum to chain ABC for example), users generally deposit their ETH initially, and receive a wrapped token on the destination chain – such as wETH. This token is a 1:1 representation of the original, and in exchange the bridge locks up the deposited funds as collateral. Thus, bridges are required to hold vast treasuries to support high-volume throughput, making them prime targets for potential exploits. Additionally, given that multi-chain interoperability is a new undertaking in its own right, such bridges may be prone to vulnerabilities.

Solana’s wallets drained

Less than a day following the Nomad exploit, the market was left stunned as more than 8,000 Solana wallets were drained of native assets totalling $6m. This particular exploit puzzled analysts initially, as it was not confined to a single wallet provider, but rather affected users of multiple providers, including Phantom and Slope. Having found no sign of protocol exploitation, it’s since come to light that Slope had been broadcasting users’ private key information to a third-party monitoring service. How these keys were intercepted remains unclear, but this particular exploit has, momentarily at least, flipped the “not your keys, not your crypto” mantra on its head. Phantom issued a statement indicating that their wallets may have been compromised due to users importing accounts from Slope to Phantom and vice versa. To be abundantly clear, as it stands this was not a case of cryptographic vulnerability, but rather a result of poor operational security (opsec) and data transmission.
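For wallet developers, the control that addresses this kind of leak is scrubbing every telemetry event before it leaves the device. The sketch below is an added example, not code from Slope, Phantom or any monitoring vendor; the field names, the 87-88 character base58 length for an encoded 64-byte keypair, and the 12-24 word phrase pattern are assumptions chosen for illustration.

```python
import re

# Field names that must never leave the device (hypothetical list, an assumption).
SENSITIVE_KEYS = {"mnemonic", "seed", "seed_phrase", "private_key", "secret_key"}
# Assumption: a 64-byte keypair encoded in base58 is 87-88 characters long.
BASE58_SECRET = re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{87,88}\b")
# Assumption: a recovery phrase is 12 to 24 short lowercase words in a row.
PHRASE = re.compile(r"\b(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}\b")
REDACTED = "[REDACTED]"

def scrub(value, findings=None, path="event"):
    """Return (safe copy of value, list of paths where secrets were removed)."""
    if findings is None:
        findings = []
    if isinstance(value, dict):
        out = {}
        for k, v in value.items():
            child = f"{path}.{k}"
            if str(k).lower() in SENSITIVE_KEYS:
                findings.append(child)      # redact by field name, whatever the value
                out[k] = REDACTED
            else:
                out[k] = scrub(v, findings, child)[0]
        return out, findings
    if isinstance(value, (list, tuple)):
        items = [scrub(v, findings, f"{path}[{i}]")[0] for i, v in enumerate(value)]
        return items, findings
    if isinstance(value, str):
        cleaned = PHRASE.sub(REDACTED, BASE58_SECRET.sub(REDACTED, value))
        if cleaned != value:
            findings.append(path)           # secret found inside free text
        return cleaned, findings
    return value, findings

# Constructed sample event; the key and phrase are fake placeholders.
SAMPLE_EVENT = {
    "level": "info",
    "message": "wallet imported key=" + "3x" * 44,
    "context": {"mnemonic": "not a real phrase", "screen": "import"},
    "breadcrumbs": ["user opened import screen", "entered " + " ".join(["word"] * 12)],
}

if __name__ == "__main__":
    clean, findings = scrub(SAMPLE_EVENT)
    print(clean, findings)
```

A non-empty findings list is itself worth alerting on in pre-release testing, since it means key material reached the logging path in the first place.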

Forward focus

Given the frenzy of exploits this week, we’ve barely scraped the surface of ongoing geopolitical tension. The world held a collective breath as US House Speaker, Nancy Pelosi, made a head-scratching visit to Taiwan that cost $90m and achieved nothing besides further antagonising China. Regardless, markets have scarcely been affected despite ever-impending threats of fresh conflict, mostly due to their current lack of liquidity.

This week’s exploits, while tragic for those affected, serve as a much-needed reminder that safety and opsec are paramount in a space still finding its feet and innovating rapidly. On-chain transacting offers a gateway to the vast ecosystems of DeFi and NFTs, and can be an incredibly rewarding experience. However, as has been illustrated throughout this year, with freedom comes risk. Indeed, the motto of many crypto maximalists has never held truer: “Don’t trust, verify”.

Reminder: secure the wallet before you secure the bag
