How to choose a secure inter-chain bridge that can be stolen?

Once the market has entered the multi-cycle ecosystem, consumer demand for the chain continues to be stronger. However, in today's market, since each channel's antennas usually support straps, a third process across channels has become an important option for channels where users support the public channel more. At the same time, cyber hacking has also become a hot target for hackers.

Just before January 18, a third-party cross-chain protocol, Multichain (formerly Anyswap), was stolen again, costing around $6 million.

Since bridge safety incidents have occurred many times over the past few years, here is a brief summary of recent bridge safety incidents to help readers avoid hazards when using them.

Inter-Chain Bridge Security Issues Examined Last Year

On June 29, 2021, THORChain suffered the first hit and suffered around $350,000. In July of the following year, THORChain fought together twice, costing around $16 million in losses.

On July 11, 2021, ChainSwap was attacked and BSC-mapped token addresses were shut down to filter hacker addresses. Financial partner RAI stole over 700,000 RAI tokens due to inconsistencies in the ChainSwap contract.

On July 12, 2021, Anyswap announced that the newly developed V3 cross-chain liquidity pool was hijacked early yesterday, resulting in a total loss of 2.39 million USDC and 5.5 million MIM, a total increase of 7.87 million USD. Conflict

On August 10, 2021, the Poly Network (O3 Swap) was hijacked and approximately $610 million in assets were shipped.

On November 7, 2021, cross-chain protocol Synapse (formerly Nerve) was hijacked, affecting approximately $8 million in assets.

On November 23, 2021, the Celo Bridge over Optics Cross Chain Bridge several signature wallets were sent to an unknown person and the Optics Cross Chain Bridge was cut.

On January 18, 2022, Multichain (formerly Anyswap) was robbed again, costing around $6 million.

Is security due to luck?

Regarding various security issues recently, @0x_Todd noted that for the DeFi application, once there is a security issue, it will have other issues. And while the process is always smooth, it won't always be.

Of course, we know that this expression means critical and it cannot be used as a measure of risk measurement. However, with some industry examples, jobs with a history of climate change are more likely to be transferred than others. For example, the infamous DeFi insurance cover was stolen several times before returning to zero. The insurance contract itself is not insurance, and the cover contract has become the ATM hacker.

In fact, the cause of this phenomenon is the result of a non-accidental security event, suggesting that development teams may have serious issues with their internal release process and knowledge of risk management.

Events are usually just outward signs of internal control. If an internal, hidden risk cannot be completely eliminated and only external problems can be solved, a similar security situation immediately arises.

However, many corporate groups in the crypto industry no longer have very strict work ethics. They often continue to push project growth and lead the market after a rush to fix the defect immediately, leading to increased hidden risks in the process. .

So, for the average user, what can they do to find a safe bridge above the harness in the face of current rope crossing regulations?

Here's a small fix for the "cleanup" mentioned by @0x_Todd first. First of all, a protocol without security risks does not mean security at all. However, if TVL adds enough to this process and the process has been online long enough, the security risk is also low. After all, for this "fatty meat" product, the rules can be checked by many high-level hackers.

Also, if it's too late to say that it's too true to kill all processes in a security situation, it's best to stay away from procedures that have been two or more security situations together.

Finally, based on this model, we have identified third-party passenger channel channels which are a bit larger on TVL in the market and have been widely used for all public channels.

Of course, the experiences encountered in this process may not be enough, as multi-chain ecology and chain linkages are the result of rapid growth in recent years. For the following chain links that do not pose any safety concerns, we recommend that you use them with caution when managing your own risk.

Third party products across the chain are connected to high quality data

Allbridge

Allbridge is a flyover designed by the APYSwap team. Its main focus is to support EVM-enabled chains while supporting non-EVM chains such as Solana and Terra.

online time: July 2021

TVL: $ 546 million (DeFi Llama 1/20 record)

sea ​​bridge

cBridge is a cross-platform bridge that supports most EVM chains (such as layer 2) of ball chains, and initially covers all EVM-compatible chains available in the market, and currently supports 19 chains and layers. on the other side of the street. The channel's total revenue jumped to $2.4 billion, and the numbers have also grown rapidly since the release of V2 and are now over $200 million.

Unlike other third-party cross-chains that only target cross-chain devices, cBridge targets are more desirable. In addition to the performance of the interconnect chain, cBridge recently announced the Celer Inter-chain Message (Celer IM) access to cross-platform data, striving to connect many chains in the future. -Simple chain ecosystem infrastructure protocol.

According to legitimate data, the next generation of multi-channels will always have dApp, making the future Celer IM the first of its kind across nations through future applications in multiple worlds. It allows users to transfer assets from one chain and borrow directly from another chain, or help users trade assets across multiple chains in a single exchange.

online time: February 2021

TVL: 195 million dollars (cBridge data validated on January 21)

jump protocol

The advantage of the jump protocol is that it supports cross-chains of traditional EVM chains, while supporting cross-chains of the main layer 2, such as ETHereum's Arbitrum and Optimism. Current cross-chain assets include ETH, USDC, USDT, DAI, and MATIC.

online time: July 2021

TVL: $ 106 right

xPollinate (suite)

The type of cross-chains supported by xPollinate is also very rich, and in addition to the main EVM-compatible chains, it also supports Polkadot ecosystem Layer 2 cross-chains and EVM-compatible parachain cross-chains.

online time: 19/09

TVL: $ 26.68 right

The end of the article once reminds us of the danger,A project where no security has taken place in the past does not mean that it is completely secure.. Users should also maintain an account using good manners when using connected devices. For example, canceling an appointment in a timely manner or keeping important assets located separate from the daily meeting address. After all, in a crypto world where people are independently governed, the sole responsibility for ourselves is ours. ~