Crypto Shuttle News

Tag: Bridges

  • What are Bridges? Illicit use of bridges | by Coinbase | Apr, 2022

    What are Bridges? Illicit use of bridges | by Coinbase | Apr, 2022

    [ad_1]

    By Heidi Wilder, Special Investigations Manager & Tammy Yang, Blockchain Researcher

    Part 1: What are Bridges? Bridge Basics, Facts, and Stats

    Illicit actors are often attracted to the newest forms of technology, and bridges are unfortunately no exception to that rule. Illicit actors are defined as individuals or groups conducting illicit activity, such as scams, thefts, or other illegal activity, on the blockchain. In the previous section of this blogpost, we covered the Wormhole and Ronin bridge exploits.

    Analyzing the use of Ethereum bridges by illicit actors in January 2021 through April 2022, we find that Ronin, Wormhole, followed by Polygon and Anyswap have the most volume flowing through them.

    To date, Ronin bridge’s exploit that took place in late March is the largest hack in the DeFi space, totalling more than $540 million in funds stolen (as of the day of the bridging of funds). We discussed this exploit in more detail in our previous blockpost. Unsurprisingly, this hack makes up the largest illicit volume with the Ronin bridge.

    Wormhole’s Ethereum-Solana bridge was attacked in February 2022, leading to a loss of over $250m.

    Polygon’s bridge was primarily abused by Polynetwork’s exploiter (although funds were returned), the bZx hackers, and the AFK System rug pull. The bZx hackers appear to have literally gone back and forth between chains to decide which ones were best to consolidate funds. Ethereum won in the end.

    Anyswap BSC bridge was primarily used as a bridge by the Bunny Finance flash loan attackers, Squid Game rug pull and Vee Finance hackers.

    Why would illicit actors want to bother bridging at all?

    Illicit actors’ reasons for bridging funds between networks are both similar and different compared to the general population of bridge users. Possible reasons include:

    • Consolidation. Combining funds through bridging makes them easier to handle and to generally then launder onwards.
    • Obfuscation. Bridging over funds to other networks adds another layer of complexity to tracing funds on-chain. Tracing funds that travel through a bridge requires tracing capability on both networks and linking them through the bridge.
    • Faster and cheaper transactions and to use assets that are not native to the network. Bringing over funds to other faster and cheaper networks can aid illicit actors in transferring their funds more rapidly at a lower cost. The added ability to access assets that aren’t native to the network allow both licit and illicit actors to gain price exposure to a non native asset, while also enjoying the benefits of the other network.
    • To access a broader selection of dApps. As blockchain monitoring has become increasingly popular, so has scrutiny of illicit activity:

    a) Instead of immediately cashing out, some illicit actors will choose to bridge over funds and then yield farm with them for a period of time, which has the benefit of passing time and earning interest on their proceeds.

    b) Alternatively, illicit actors will also leverage certain DeFi protocols that help break the chain in order to obfuscate the true source of funds.

    But how are illicit actors employing these methods in practice? What happens after someone has bridged over funds to another chain? Can you track through a bridge to the other side?

    Because of the transparency of the blockchain and of many bridge protocols, we can trace through various bridges to identify the ultimate destination of funds.

    Below are some recent examples of how illicit actors are employing bridges and how we can trace through bridges to identify the ultimate destination of funds.

    Consolidation and obfuscation — as seen with an NFT phishing scheme

    NFT phishing scams are nothing new, but the scale at which NFT phishing scams are occurring on social media is rampant. In this particular case, we observed several Murakami Flower phishing scams, among other popular impending NFT releases.

    In this case, we observed that several of these scams bundled together their ill gotten ETH in a novel way.

    Instead of pooling their ETH together on Ethereum, they bridged over the funds to the Secret Network, which was likely an attempt to obfuscate the source and destination of funds.

    Although they may have bridged over funds to the Secret Network, they continued to bridge over to the same address over and over again. Consolidating funds from various phishing schemes allowed them to better get a grasp on their funds.

    Accessing a broader set of dApps — an example of using bridges to then yield farm with ill gotten gains with the Squid Game rug pull

    In November 2021, the Squid Game token rug pulled. Although the token was launched on Binance Smart Chain (BSC), funds were bridged over to Ethereum. While this was likely for obfuscation purposes, it was also to gain access to Ethereum-based dApps.

    In particular, once the attackers bridged over funds to Ethereum, they opted for two yield farming strategies, which allowed them to earn interest on their ill gotten gains.

    The first, was to swap funds to USDT and to supply liquidity to the ETH/USDT Uniswap pool (one of the deepest pools on Uniswap). The second was to take the ETH and to lend it on Compound.

    While the attackers have begun to cash out, they have not only waited out the heat but have also made some interest while doing so.

    Accessing a broader set of dApps — an example of using a bridge to access DeFi protocols to break the chain of traceability with a malware operation

    A malware and ransomware operation primarily sourced funds from victims in Bitcoin over the years. However, in the latter half of 2021, the operation began to bridge over funds to ETH using Ren.

    This allowed the attackers to mint renBTC. Using a particular protocol, Curve.Fi Adapter, the operators were able to immediately swap the newly minted renBTC for WBTC. Both renBTC and WBTC are BTC-backed tokens on the Ethereum blockchain. It’s important to note that the attackers specifically wanted WBTC though, which they could then deposit to Compound.

    Compound is a DeFi protocol that allows users to earn interest on their deposits. When a user deposits funds into Compound, such as ETH, they are provided with cETH or Compound ETH in return, which can be exchanged through Compound for the original ETH amount deposited plus interest earned. Alternatively, users can also use the cETH as collateral to then borrow other tokens.

    And that’s exactly what the malware operations did. They used cBTC as collateral to then borrow stablecoins from Compound, particularly USDT and DAI. And with those stablecoins they then cashed out at various exchanges.

    The idea here is that the malware operators were attempting to obfuscate the true source of their funds and to make it seem like they received funds directly from Compound.

    What can we do about this?

    Because of how public, traceable and permanent the blockchain is, we can leverage it to not only identify illicit actors bridging funds across blockchains but also to stop them. The primary mechanism for this is blockchain analytics.

    Here are some steps we can take as an industry to combat illicit actors’ bridging of funds:

    • Work with blockchain intelligence providers to identify cross-chain transactional flows to quickly identify when illicit funds have hopped from one network to another;
    • Block illicit actors addresses’ on both sides of a bridge;
    • Monitor inputs and outputs of protocols that are heavily abused by illicit actors who bridge over funds.

    Using these and other tools we aim to preserve the integrity of the ecosystem while also encouraging innovative concepts, like bridges, to expand the crypto economy.



    [ad_2]

    Source link

  • What are Bridges? Bridge Basics, Facts, and Stats | by Coinbase | Apr, 2022

    What are Bridges? Bridge Basics, Facts, and Stats | by Coinbase | Apr, 2022

    [ad_1]

    By Heidi Wilder, Special Investigations Manager & Tammy Yang, Blockchain Researcher

    Introduction

    Recent questions have been raised about how bridges and mixers work both for legitimate business purposes and illicit financial transactions.

    Although mixing services have been extensively analyzed for years, bridges are a newer concept that became popular in 2021. Bridges allow crypto holders to ‘move’ (or ‘bridge’) their assets between different blockchains. This allows them to hop from one chain to another and gain exposure to other networks.

    We observed a sharp increase in cross-chain activities from Ethereum beginning in April 2021. The daily number of deposit activities to Ethereum bridges reached its peak in the Summer of 2021 and the highest single-day record of over 60,000 transactions bridging from Ethereum occurred on September 12, 2021.

    This two-part blog post aims to explain what bridging is, why it has become so popular, and why bad actors are bridging over funds across networks.

    What is a bridge?

    A bridge is an application that uses cross-chain communication technology to enable transactions between two or more networks, which can be Layer 1s, Layer 2s, or even off-chain services. Simply put, a bridge allows crypto holders to transfer their assets from one network to another. For example, a USDC holder on Ethereum might want to transfer their USDC from Ethereum to Avalanche via a bridge application.

    However, a bridge doesn’t move an asset between chains, it links the asset on one network to its representation (i.e. a wrapped version) on the other network. The cross-chain transaction is achieved via ‘locking’, ‘minting’, and ‘burning’ that accounts for the link between the representations on different chains. We’ll discuss exactly what these terms mean in the following two examples.

    Let’s say Alice wants to bridge 100 ETH from Ethereum to another network called Network Other (a made up blockchain network) via a bridge application called Bridge (also made up):

    1. Alice deposits 100 ETH to the Bridge contract on Ethereum;
    2. The Bridge contract on Ethereum locks the assets and informs the other Bridge contract on Network Other; the asset cannot be accessed until the users requests a withdrawal;
    3. The Bridge contract on Network Other mints (creates) 100 tokens representing the locked ETH (i.e. wrapped ETH);
    4. The Bridge contract transfers the newly minted wrapped ETH to Alice’s address on Network Other:

    Alice now holds 100 wrapped ETH on Network Other. Later, she receives 10 wrapped ETH from someone else. Now, her address balance on Network Other increases to 110 wrapped ETH. She decides to withdraw all back to Ethereum:

    1. Alice sends 110 wrapped ETH to the Bridge contract on Network Other;
    2. The Bridge contract on Network Other burns (destroys) the 110 wrapped ETH and notifies the Bridge contract on Ethereum;
    3. The Bridge contract on Ethereum validates the withdrawal request (e.g. whether Alice really owns 110 wrapped ETH on Network Other). If all checks out, it unlocks 110 ETH to Alice’s address on Ethereum:

    How and when did bridging get so popular?

    Bridging took off in 2021. Especially after April 2021, we saw cross-chain traffic from Ethereum increased exponentially — both in daily number of transactions and unique addresses deposited to the Ethereum bridges. We believe this upward trend is likely driven by one of the reasons below:

    • Increase in the number of bridge applications. Wormhole launched the Ethereum-Solana bridge, Multichain (AnySwap) launched the Ethereum-Fantom bridge and Ethereum-Moonriver bridge, and Celer launched the cBridge in 2021.
    • Increase in the number of new networks that can connect with Ethereum. Avalanche, Ronin, Arbitrum One, Optimism, and Solana were launched in 2021.
    • Increase in the number of decentralized application (dApp) projects launching on chains other than Ethereum and incentivized usage of these systems.

    Why do users bother bridging at all?

    Normally, users want to bridge from one network to another because they want:

    • Faster and cheaper transactions. For example, alt-Layer 1s like Polygon, Layer 2s like Arbitrum One and Optimism are the well-known scaling solutions to Ethereum.
    • To use assets that are not native to the network. For example, users can gain price exposure to a currency like Bitcoin on Ethereum, with the help of bridge projects like Ren and Wrapped Bitcoin.
    • To access a broader selection of dApps. A user might want to bridge funds from Ethereum to the Ronin Network to access Ronin-specific applications, such as their gaming dApp; since some dApps aren’t deployed on Ethereum mainnet because of its limitation on transaction speed and block size.
    • To gain additional income from incentive programs. Many users choose to bridge because destination networks or projects on destination networks may send free tokens to members of their communities.

    What’s happened since 2021?

    A lot happened in 2021. Between July and November, many new dApps and new networks were launched. Bridging activities from Ethereum were at its peak during the time. Most of the bridges became quieter from Q4 in 2021. However, this was not the case for the Polygon PoS bridge — we saw strong and steady bridge traffic, in the number of deposit transactions, from Ethereum to the Polygon Network throughout 2021, which eventually led to Polygon PoS dominating cross-chain traffic in Q1 2022.

    Figure 1 below shows the daily number of deposit transactions to Ethereum bridges. We theorize that the sharp spike around September 11, 2021 was driven by the launch of Arbitrum One.

    Figure 1 Daily number of transactions deposited to Ethereum bridges since 2021.

    Let’s take a look at bridge dynamics in deposit and withdrawal volumes in USD. Figure 2 below shows the daily deposit and withdrawal volumes in USD in Q1 2022. We believe that some sharp spikes in volumes were event-driven (e.g. launch of a new project, airdrop, incentive program, whale activity, bridge exploits, etc.)

    • Top 3 in total deposit volume in Q1 2022 are AnySwap Fantom bridge (green, ~$8.4B), Avalanche bridge (pink, ~$7.8B), and Polygon PoS bridge (blue, ~$4B);
    • Top 3 in total withdrawal volume in Q1 2022 are Avalanche bridge (pink, ~$10.5B), AnySwap Fantom bridge (green, ~ $6B), and Polygon PoS bridge (blue, ~$3.8B);

    We also observed a very interesting fund movement pattern, especially with the AnySwap Fantom bridge, where large amounts of funds were moved to the Fantom network, and then withdrawn back to Ethereum mainnet after a very short period of time.

    Figure 2 Daily deposit volume in USD to Ethereum bridges in Q1 2022

    How safe are bridges?

    As with most new technology, there are some risks to consider. For example, there are risks that users’ funds can be stuck during the deposit and withdrawal process, or they can be victims of cyber theft. When users decide to bridge an asset, they should also be aware of the underlying risks so that they can make more risk-driven decisions.

    Theft Risk is the most common risk that can lead to bridge contracts losing part or all of the funds. Here are some problems that may lead to theft:

    • Bugs in smart contracts. Programming or logical errors can have a serious impact on bridge security, creating opportunities for attackers to steal the locked funds from the bridge contracts.

    The latest example is the Wormhole attack in February 2022 (details here). The attacker spotted a loop hole in the smart contract code, minted 120K Solana ETH without bridge approval and withdrew 80,000 ETH from Ethereum in Feb 02, 2022. Luckily, Jump Trading covered the gap by depositing 120K ETH back to the bridge contract on Ethereum.

    Figure 3 Daily deposit and withdrawal volume in USD to Wormhole bridges

    • Compromised custodians. Most of the bridge applications nowadays rely on external authorities to interact with the bridge and withdraw funds. They are the custodians of the locked funds — they can be trusted parties (e.g. AnySwap bridges) or a pool of validators bonded by stakes (e.g. Polygon PoS bridge and Ronin bridge). Then there is a risk that the custodians may be compromised or act maliciously.

    On March 23 2022, the Ronin attackers compromised all four validation nodes run by Sky Mavis. Sky Mavis is the company who created the Axie Infinity game, Ronin Network, and the Ronin bridge. Together with the fifth validator (run by Axie Dao), which whitelisted all messages sent by Axie Infinity at the time, attackers gained control over the majority of the validators (5 out of 9).

    The attacker then withdrew 173,600 ETH and $25.5 million USDC from the Ronin bridge on Ethereum without going through any verifications (more details here and here).

    Figure 4 Daily deposit and withdrawal volume in USD to Ronin bridges

    • Hostile Layer 1 miners/validators. If more than 50% of the Layer 1’s computing power or stakes are controlled by hostile miners or validators, they can attack bridges on chain and steal the locked funds. For example, they can revert a completed deposit transaction on Ethereum after assets are bridged to another network, which allows attackers to withdraw funds from the other network without depositing on Ethereum (more details here). Or, they can prevent bridge contracts getting updates from the other network, which may lead to major damage to user’s funds that are locked at the bridges.

    These scenarios are unlikely to happen, but not impossible. In a worst case scenario, if assets locked at an exploited bridge were already bridged over from another network and used in DeFi applications, this may lead to a cascading contagion over multiple blockchain networks.

    Bridge users should be aware that the loss by theft is usually not reversible.

    What do we expect for 2022?

    Given the explosion of bridges in 2021, we believe their popularity will continue to rise, especially as we are expecting to see developments in below areas:

    • Bridging demand. As more networks and bridges launch this year, we expect to see more users wanting to bridge between networks;
    • CEXs. More centralized exchanges (CEXs) will enable direct deposit and withdrawal to alt-Layer 1s and Layer 2s in 2022 (some already happened here, here and here).
    • Bridge security. As more users willing to bridge, more crypto assets will be locked at the bridge contract — creating a honeypot effect, increasingly attracting hackers.
    • Risk awareness. Many bridging decisions are cost-driven at the moment. We believe people have different risk appetites. However, there is a big difference between risk weighting choice of a bridge vs. choosing a cheap bridge solely because of the low fees.

    It will be interesting to see, with more information and discussions around bridge security becoming available, if more risk-driven decisions would be made when it comes to choosing a bridge in the future.

    Now that we understand what bridges are, why they’ve gained mass appeal, and what potential security concerns are with them, in our next blog post we’ll discuss the use of bridges by bad actors.



    [ad_2]

    Source link

  • What Are Cross-Chain Bridges and Why Do They Matter?

    What Are Cross-Chain Bridges and Why Do They Matter?

    [ad_1]

    While DeFi promises a world where people can transfer their money without the hassle and transaction fees of banks, anybody who has tried to convert ETH to BNB recently knows it’s not so simple. 

    Gas fees make cross-chain transactions very expensive, hindering the free flow of crypto assets. 

    So, it is not surprising that cross-chain bridges have grown at an unprecedented rate, a TVL increase of 89% MoM in October as DeFi transaction volume booms in the bull market. 

    However, did you know that cross-chain bridges solve other problems besides, what are essentially crypto transaction fees?

    As multi-chain projects and interoperability become key components of the industry, DeFi investors need to understand how cross-chain bridges work. 

    DeFi TVL (since January 2021)                                                                            Data source: Footprint Analytics

     

    DeFi TVL Ranking by BlockChain (since Jan 2021)                                         Data source: Footprint Analytics

    This article will look into the nature of cross-chain bridges, specifically:

    1. How does a cross-chain bridge work?
    2. Cross-chain bridges’ market performance.
    3. Problems addressed by cross-chain bridges.
    4. Selecting a cross-chain bridge.

    What Is a Cross-Chain Bridge?

    A cross-chain bridge or a blockchain bridge enables the transfer of tokens, assets, smart contract instructions, or data between blockchains. Two chains may have different protocols, rules, and governance models, but a cross-chain bridge connects these disparate blockchains together by interoperating securely.

    A cross-chain bridge allows users to:

    • Deploy digital asset transactions fast and easy;
    • Enjoy low operational difficulty;
    • Take advantage of lower transfer fees on non-scalable blockchains;
    • Implement dApps across multiple platforms.

    Here is an example of how cross-chain assets are transferred with a bridge:

    When a user needs to convert an asset such as an ERC20 A token on Ethernet into another asset such as BEP20 A token on the BSC chain via AnySwap, the ERC20 A will be locked on the source chain and then notify the bridge to generate the BEP20 A on the BSC chain before sending it to the user.

    In this example, the entire operation of the cross-chain bridge takes about five to 20 minutes, with an approximate gas fee in the range of $10 to $20, depending on the pre-congestion conditions in Ethereum at the time.

    Data source: anyswap.exchange

    How Has Crosslink Bridge Performed Recently?

    The market is currently dominated mostly by Layer 2 scale-out cross-chain bridges, which are mainly built on Ethereum for better interconnection and interoperability.

    According to Footprint, the TVL of cross-chain bridges was $16.2 billion as of Oct. 26, which is an increase of over 72.25% in the last 30 days. The four largest cross-chain bridges namely, Avalanche Bridge, Polygon Bridge, Arbitrum Bridge and Fantom Anyswap Bridge, account for 95.61% of the entire cross-chain bridge, with its highest monthly increase of 401.23% last month.

    Suggested articles

    Trading Education: Boost Your Skills in FBS TraderGo to article >>

    Data from the CoinTofu Cross-ChainBridge tool, reveal that these four cross-chain bridges have excellent user experience ratings.

    TVL & share distribution across- chain bridges (since Apr 2021)
    Data source: Footprint Analytics

     

    Ethereum Bridges TVL Ranking & Change
    Data source: Footprint Analytics

    The above chart shows that Optimism has had the most active deposits from the beginning of September to yesterday, followed by Avalanche. Current transfer fees are as low as $0.25 (according to L2 Fees) and their transfer fees are variable, but with relatively small changes.

    Ethereum Bridge Daily Unique Depositors (since June 2021)
    Data source: Footprint Analytics

    The main asset traded on cross-chain bridges is ETH (WETH), with total ETH lock-ups on the 15 cross-chain bridges valued at $6.882 billion as of Oct. 26. This represents approximately 42.6% of total lock-ups and the most used asset by investors, followed by WBTC and stablecoin USDC.

    Asset Distribution- Tree Map
    Data source: Footprint Analytics

    What Problems Do Cross-Chain Bridges Address?

    Cross-chain bridges create growth across chains (reflected by Fantom and Avalanche prices, which hit gains of 12% and 18%, respectively, in the first week of November) that offer disparate asset interoperability, which is a high level of security and a better asset rendition.

    Without a bridge, investors have to go through different exchanges and incur larger fees instead. 

    Cross-chain bridges also address the following:

    • Lower gas costs with increased transaction speeds;
    • User assets can be freely interacted with for a high user experience;
    • Improved productivity and usefulness of existing crypto assets;
    • Higher security and better privacy.

    The use of cross-chain bridges is appropriate in the following scenarios:

    • Token transfers between Ethereum and a Layer 2 network, with assets interoperable across chains, such as faster and easier deposit of funds, withdrawal of assets and exit times to reduce operational complexity;
    • High fees and use in times of Ethereum congestion;
    • Thin assets supported by single chains and more assets supported by cross-chain bridges;
    • Investors can use cross-chain bridges when investing in new chains to get to the head mine faster, but need to assess the full mechanics of the new chain and its security;
    • Arbitrage trading across the DEX on Optimism, Arbitrum and Polygon, etc.

    How to Choose the Right Cross-Chain Bridge

    Consider the following criteria when selecting a cross-chain bridge:

    •  A stable TVL exceeding USD$1 billion with a sound cross-chain mechanism and a credible execution environment reflected by gradual changes instead of abrupt fluctuations. Verification method of cross-chain information and management method of cross-chain funds must be taken into account;
    •  Reasonable transfer costs (from USD$1 to USD$5) across the chain and interaction speeds with an estimated arrival time of 10 to 30 minutes;
    •  Security to ensure against hackers that take advantage of vulnerabilities. 

    In addition, there are also a number of aggregation tools that offer a one-stop cross-chain bridge solution, of which CoinTofu has a better overall experience in terms of reaching the cross-chain page with one click and displaying the advantages of supported cross-chain bridges, estimated arrival times, transaction fees and user experience ratings.

    Data source:cointofu.com

    Conclusion

    With the development of the DeFi industry, cross-chain bridges have become more popular than traditional exchanges. They enable interoperability and mutual integration of blockchain applications to support project owners, various blockchains, and investors as well as address the problem of capital flow and lower transaction costs to users.

     

    Maxine Smith, a crypto writer from Singapore and a DeFi data analyst with a focus on market trends and regulations.



    [ad_2]

    Source link