The use and trading of crypto tokens have become the norm for many people. Investors who want to start small and cannot put their money into the top 10 cryptocurrencies have plenty of tokens to pick from. These tokens let users take advantage of lower gas fees and build their capital with relatively small investments.
Crowded blockchain ecosystems like Ethereum have seen a rise in gas fees during the current year, so the demand for cross-chain projects has been increasing. These cross-chain projects, also known as bridges, can be classified into centralized and decentralized custodial options. While investors are rushing to these bridges, hackers and threat actors are also attacking these platforms to rake in a hefty amount of scam money.
DeFi Token Bridges are more Vulnerable to Hacking Threats
DNBCs, or decentralized custodial bridges, are often an easier target for hackers to attack. Usually, these projects are built by amateur developers who set up the entire project in a limited amount of time. Hackers, for their part, find it easier to exploit the lack of technical audits and the programming loopholes in such projects.
In July 2021, a series of cyber-attacks was launched on several cross-bridge projects that were decentralized by nature. The first attack hit ChainSwap, where hackers made off with $800K worth of tokens. The second attack was directed at AnySwap: hackers took control of the V3 liquidity pool and looted around $8M in USDC as well as MIM tokens.
ECDSA, the Elliptic Curve Digital Signature Algorithm, is a non-deterministic protocol that is a necessary part of every blockchain transaction. Users know to handle their private keys with great care. However, in many cases, hackers can take possession of the private keys of users who are on DNBCs.
When a transaction takes place, a secure cryptographic code is generated for it. An elliptic curve calculation is necessary for confirmation. During this process, a unique ECDSA signature is crucial. If more than one transaction is conducted using the same cryptographic code, hackers can get hold of the private key.