No, this is not about the Crimean Bridge being burned. I wouldn’t touch that topic with a ten-foot pole.
What I am going to try to discuss is the cross-chain bridges out there that connect blockchains and let users convert coins with the click of a button.
Just recently, Binance’s cross-chain bridge got hacked to the tune of 500M USD. Through the efforts of the community developers and Binance itself, they were able to limit the loss to 100M USD. Changpeng Zhao, Binance’s CEO, has clarified that this hack did not affect the Binance crypto exchange, only the cross-chain bridge. Props for the effort to minimize the damage. However, 100M USD is still 100M USD. What we all could do with that kind of money is near limitless.
According to this blog post by Chainalysis, an estimated “$2 Billion in cryptocurrencies has been stolen across 13 separate cross-chain bridge hacks”, all of them in 2022 alone. Stats like that can create a ginormous amount of FUD for an industry that badly needs a break.
This raises the question: what can the community do to keep this from happening again?
Crypto communities are the heart and soul of any crypto project. They bring order and organize the ideas for projects proposed to a blockchain and for its subsequent development. Community devs work on these projects once they have been voted on and approved by the community. They are the ones who implement the code and make sure it follows all safety standards in terms of security. This is the power of decentralization. No single corporate entity owns the blockchain. In its place is the community that supports and maintains the network. Everyone is free to interconnect with any other blockchain. It is, however, these communities that we need to focus on.
Based on Chainalysis research, 69% of hacks in 2022 happened on a cross-chain bridge. Cross-chain bridges are open-source smart contracts that connect one blockchain to another so that coins can be converted, e.g. ADA to COTI or ETH to LUNC.
The community itself tests these beta projects. However, we have to note the disposition of the testers, their frame of mind to be exact. In this case, they will probably just go through the test script, conclude that it is safe and efficient, and then it is deployed. The problem lies in where these community testers and devs are coming from. Most of the time, they are crypto enthusiasts who also have a lot at stake in the project, meaning they are heavily invested. Going by the Twitter posts of some of these guys, they are also the moonboys who hype their coins to try and trigger a buying spree on the market, gaining more value in a short amount of time. This desire to increase the coin’s value ASAP conflicts with the undeniable need to ensure security. It may be a long, drawn-out process, but the security of a protocol is a testament to its reliability and trustworthiness.
To ensure that security is somewhat airtight (I say somewhat, because there is no 100% secure software out there), devs and testers need to put themselves in the position of a hacker. A hacker’s main goal is to find vulnerabilities and exploit them, knowing full well that millions of dollars’ worth of crypto are theirs for the taking if they manage to find that weakest link. Such a mindset lets them go through code line by line with extraordinary patience. Who wouldn’t, knowing that you could possibly gain hundreds of thousands, if not millions, in value if you succeed? They are the scavengers who steal the hunter’s hard-won prize. Remember, this is all open-source software, so security can’t be a joke. Otherwise, we may as well start burning all these cross-chain bridges.
Maybe a stricter code review structure should be put in place. Maybe testers need to be armed with the latest list of known vulnerabilities. Such measures can help with security. But even then, security teams need to understand that they are dealing with a determined enemy, so much so that they must be able to deduce whether a piece of code is possibly vulnerable and prone to future hacking. Again, this will be tedious. And if we go by the mindset of most of these crypto projects, which aim for “first mover” status, the exploitation of vulnerabilities is really just a matter of when.
I don’t blame them for needing such haste. After all, marketing is a big part of the game. But if projects are to be released, and released quickly, maybe it is not enough to just get them off the ground and leave them alone once they start operating. Wouldn’t a second-tier support team be advisable? After all, the statistics indicate there is a need for it. Once the project is released, this team would continue to review the code and check for vulnerabilities. Let them pass each line of code under a microscope and analyze it for weaknesses. This may be costly, but these projects normally swim in money anyway, since investors are a dime a dozen. And think of how many more investors you will entice when they see how reliable and secure your solutions are.