over 1 billion $$$ stolen through bridges in 2022 alone
we need better solutions
this is why @union_build is developing the most secure bridge we have in crypto
to understand it, we need to look at how most bridge hacks happen and what Union is doing differently
a thread 🧵

there are 4 common bridge vulnerabilities that have been exploited, let's go through them 👇🏻
1. Multisig Compromise
some bridges relied on a small set of keys (often 3-of-5 or 5-of-9 multisigs) to validate transfers across chains
if these keys are compromised (via phishing, inside jobs etc.), the attacker can mint or drain funds
the $625M Ronin Bridge hack is a perfect example
attacker took control of validator keys and authorized fake withdrawals to his own accounts
it was one of the biggest hacks in crypto history 🚨
2. Oracle / Relayer Manipulation
When you depend on off-chain third parties (oracles, relayers) to verify information on-chain, you're vulnerable.
If these actors go rogue, they can lie about chain state, causing incorrect behavior on the target chain.
Back in 2022, LayerZero faced criticism from security researcher @samczsun because their contracts had upgradable relayers + oracles, controlled by the team.
This was a massive vulnerability and if compromised, the attackers could steal all the funds passing through the protocol.
3. Smart Contract Bugs
Most bridges have complex smart contracts with lots of possible vulnerabilities.
Any small bug can let attackers bypass validation or drain liquidity.
The $190M Nomad bridge exploit is the best example.
It was a shockingly simple contract flaw.
A routine upgrade mistakenly set the validation check to always return 'true'.
Anyone could copy-paste an old transaction and move bridge funds to their own accounts.
The whole crypto community saw people copy-pasting attack code from Twitter; it was pure insanity.
4. Wrapped Token Risks
Many bridges use wrapped assets, which are only as good as the bridge that backs them.
If the bridge gets compromised, the wrapped tokens are worthless; there’s no real ETH to redeem.
In a $321M hack, the attacker exploited a bug in Wormhole’s smart contract that allowed them to mint 120,000 WETH on Solana without depositing any ETH on Ethereum.
They tricked the system into thinking ETH had been deposited.
Wormhole lost $321 million worth of real funds and had to pay users from their own pocket.
without going into technical details (I'm too retarded for that) this is what @union_build does differently:
- no multisigs or oracles
- ZK-Proofs for validation
- native assets, not wrapped tokens
is the Union bridge absolutely unhackable? no, nothing is
but their tech removes most centralized points of failure, replaces trust with cryptographic proof, eliminates oracles/multisigs and avoids wrapping risk
it's as close as we can get to total security today 🗿
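An added example for point 3 (not from the thread and not any bridge's real code): a simplified Python model of how a validation check ends up accepting everything, next to a hardened version. It assumes the failure mode where the default value returned for a never-proven message (the zero root) is itself on the trusted list; all names and the toy `batch_root` commitment are hypothetical.

```python
import hashlib

ZERO_ROOT = bytes(32)  # what a lookup returns for a message that was never proven

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def batch_root(batch: list) -> bytes:
    # Toy commitment standing in for a Merkle root over a batch of messages
    return h(b"".join(h(m) for m in batch))

class Inbox:
    """Destination-chain side of a bridge: proves, then processes, messages."""
    def __init__(self, initial_root: bytes, hardened: bool):
        self.hardened = hardened
        self.trusted_roots = {initial_root}  # roots the bridge accepts
        self.proven_under = {}               # message hash -> root it was proven under
        self.processed = set()               # replay protection

    def prove(self, message: bytes, batch: list) -> bool:
        if message not in batch:
            return False
        self.proven_under[h(message)] = batch_root(batch)
        return True

    def process(self, message: bytes) -> bool:
        key = h(message)
        root = self.proven_under.get(key, ZERO_ROOT)  # default for unproven messages
        if self.hardened and root == ZERO_ROOT:
            return False  # fix: "never proven" can never count as "trusted"
        if root not in self.trusted_roots or key in self.processed:
            return False
        self.processed.add(key)
        return True

def demo() -> dict:
    batch = [b"send 1 ETH to alice"]        # constructed sample message
    forged = b"send 100 ETH to someone"     # constructed, never proven anywhere
    results = {}
    for hardened in (False, True):
        inbox = Inbox(ZERO_ROOT, hardened)  # the upgrade mistake: zero root trusted
        inbox.trusted_roots.add(batch_root(batch))
        inbox.prove(batch[0], batch)
        results[hardened] = {
            "legit": inbox.process(batch[0]),
            "forged": inbox.process(forged),
            "replay": inbox.process(batch[0]),
        }
    return results

if __name__ == "__main__":
    print(demo())
```

The hardened branch is the check a pre-upgrade test should cover: an unproven message must be rejected no matter which roots are trusted.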