As Another Token Bridge Gets Hacked, How Can Crypto Users Protect Themselves?

Recent “hack” of Multichain, a major crypto bridge, erodes trust in cross-chain solutions.


The recent “hack” of Multichain, a major crypto asset bridge, adds to a long list of bridge exploits and incidents that have by now shaken trust in these cross-chain solutions.

A token bridge is a protocol providing an economic connection between separate blockchains. It allows major assets like USDC, USDT and ETH to be transferred from Ethereum, BNB Chain and other major hubs to smaller chains.

Bridge architectures vary, but they usually involve two sets of smart contracts: a vault on the origin chain holding the “real” assets, and an IOU token on the receiving end. Users deposit assets on the origin chain and receive the respective number of IOU tokens at the destination.

The IOU tokens have value because they can always be redeemed for the original assets stored in the vaults, so it’s clear that guaranteeing their security is paramount for smooth bridge operation. This has rarely been the case, with bridges alone accounting for over hack of the “total value hacked” in DeFi, according to DefiLlama.

According to Venket Naga, CEO at Serenity Shield, a cross-chain private data storage solution, “securing bridges in blockchain/crypto poses challenges due to interoperability and their open-source nature.” He continued:

“These bridges act as connectors between blockchains and networks, creating many potential entry points for cyber attackers. Similarly, the decentralized nature of many of said blockchains can also complicate security, as multiple entities and protocols must cooperate seamlessly to ensure the integrity of any shared bridge.”

The latest loss at Multichain also highlights the significant centralization common to many bridge architectures, as it appears to have been executed by the sister of the project’s CEO, allegedly to “save” the assets.

How users can protect themselves against bridge exploits

Using bridged assets continues to present a significant risk for users as they might suffer a complete loss of their principal.

There are a few tricks that can help limit the potential damage from the exploits when they do happen. The first one is to simply stay on the lookout for anything suspicious.

For example, the Multichain loss was preceded by about a month-long period of uncertainty due to rumours of its CEO being arrested. The bridge was still operational and fully pegged, allowing abundantly cautious users to exit without losses.

As with exchange uncertainty, such as in the case of FTX, “panicking first or not at all” was a valuable strategy that allowed those who acted quickly enough to save millions.

Beyond that, as explained by Brandon Brown, Co-Founder and CEO of asset coverage protocol Fairside, token approvals play a big role. “To protect against bridge attacks and smart contract exploits, it is recommended to use a wallet with spending limits. Additionally, users should revoke smart contract access for third parties like Multichain after interaction to prevent loss due to future vulnerabilities.” 
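To make the approval advice concrete, here is an added example (not from the article, Fairside or Multichain) that replays ERC-20 `Approval` event logs to list the allowances a wallet still has outstanding and builds the `approve(spender, 0)` calldata that revokes one. The addresses and logs are constructed placeholders, and the log dictionaries are assumed to follow the usual `eth_getLogs` shape with numeric block and log indices.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # approve(address,uint256)
UNLIMITED = 2**256 - 1         # the "infinite approval" many dapps request

def addr_from_topic(topic):
    return "0x" + topic[-40:].lower()  # indexed address = last 20 of 32 bytes

def outstanding_approvals(logs, owner):
    """Replay Approval logs in chain order and return the latest non-zero
    allowance per (token, spender) granted by `owner`. This is the last
    approved value; the token's allowance() call is the authoritative figure."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares topic0 but has 4 topics
        if addr_from_topic(topics[1]) != owner.lower():
            continue
        latest[(log["address"].lower(), addr_from_topic(topics[2]))] = int(log["data"], 16)
    return [{"token": t, "spender": s, "amount": v, "unlimited": v == UNLIMITED}
            for (t, s), v in latest.items() if v > 0]

def revoke_calldata(spender):
    """Calldata for approve(spender, 0), sent by the owner to the token contract."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

# Constructed placeholder addresses (not real contracts or wallets).
OWNER = "0x" + "aa" * 20
BRIDGE = "0x" + "b1" * 20  # stands in for a bridge router contract
DEX = "0x" + "d2" * 20
TOKEN = "0x" + "c0" * 20

def pad(addr):
    return "0x" + addr[2:].rjust(64, "0")

def mk(block, idx, spender, amount):
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, pad(OWNER), pad(spender)],
            "data": hex(amount)}

SAMPLE_LOGS = [
    mk(100, 0, BRIDGE, UNLIMITED),  # unlimited approval left behind after bridging
    mk(120, 3, DEX, 500),           # bounded approval ...
    mk(150, 1, DEX, 0),             # ... later revoked by the owner
]
```

On the sample logs only the unlimited bridge approval remains outstanding, which is the kind of leftover grant the quoted advice says to revoke after use.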

More comprehensive solutions to the bridge risk have yet to be found. As Brown explained, any comprehensive coverage solution will tend to shy away from bridges: “Bridges present complex challenges for cover providers due to centralization and the risks associated with smart contracts,” he said.

While Fairside provides individual coverage against attacks such as phishing, SIM swaps and other personal losses, generalized protocol losses happen far too often to be sustainably covered. But Brown believes that new, more sturdy solutions such as Axelar’s Interchain can help improve the security of interoperable solutions as a whole. 

“These advancements and others like it pave the way for viable coverage options to become a reality in the near future,” he concluded.

Alex Costa

Alex Costa is a crypto writer and investor specializing in researching, analyzing and reporting on promising small-cap projects that are gaining traction in the industry. He has been in crypto since 2018, when he began looking for hidden gems in crypto. Today, he is dedicated to finding the next top performing NFTs and tokens.