

Zimbabwean Blockchain Startups Launch Service to Help Migrants Efficiently Move Funds Across Borders

Two Zimbabwean startups, Flexid and Uhuru Wallet, recently launched a platform that offers digital identity and remittance services to migrants living and working in South Africa. The two startups hailed what they’ve described as the “first cross-chain collaboration between the two companies.” Harnessing the Benefits of the Blockchain The Zimbabwean blockchain startup Flex ID and […]

‘Operation Choke Point 2.0’ may have contributed to SVB collapse: Mulvaney

‘New frontier’ of crypto laundering involves cross-chain bridges and DEXs: Elliptic

Curve, Uniswap, 1inch, and the Ren bridge were the top platforms of choice for laundering illicit crypto, according to Elliptic.

New research from blockchain analytics and crypto compliance firm Elliptic has revealed the extent to which cross-chain bridges and decentralized exchanges (DEXs) have removed barriers for cybercriminals.

In an Oct. 4 report titled “The state of cross-chain crime,” Elliptic researchers Eray Arda Akartuna and Thibaud Madelin took a deep dive into what they described as “the new frontier of crypto laundering.” The report summarized that the free flow of capital between crypto assets is now more unhindered due to the emergence of new technologies such as bridges and DEXs.

Cybercriminals have been using cross-chain bridges, DEXs, and coin swaps to obfuscate at least $4 billion worth of illicit crypto proceeds since the beginning of 2020, it reported.

Around a third of all stolen crypto, or roughly $1.2 billion, from the incidents surveyed, was swapped using decentralized exchanges.

Delving further into the details, the report noted that more than half of the illicit funds it identified were swapped directly through two DEXs — Curve and Uniswap, with the 1inch aggregator protocol coming a close third.

A similar amount (around $1.2 billion) has been laundered using coin swap services which allow users to swap assets within and across different networks without having an account.

“Many are advertised on Russian cybercrime forums and cater almost exclusively to a criminal audience,” it noted.

Sanctioned entities are increasingly turning to such technologies in order to move funds and carry out cyber-attacks, according to Elliptic.

“Wallets connected to groups eventually sanctioned by the United States – including those used by North Korea to perpetrate multi-million-dollar cyberattacks – have laundered more than $1.8 billion through such techniques.”

In a June report on virtual asset risks, the global money laundering and terrorist financing watchdog, the Financial Action Task Force (FATF), also fingered cross-chain bridges and “chain hopping” as a high risk.

Related: $2B in crypto stolen from cross-chain bridges this year: Chainalysis

The Ren bridge was mentioned as a top choice for crypto laundering with the vast majority of illicit assets, or more than $540 million, passing through it.

“Ren has become particularly popular with those seeking to launder the proceeds of theft,” it said.

One potential solution to mitigate crypto theft was proposed by Stanford researchers last month. It involves an opt-in token standard called ERC-20R that provides the option to reverse a transaction within a set time period.


Algorand upgrade boosts speed, adds trustless cross-chain communication

Algorand has increased its transaction speed, processing capacity and cross-chain functionality with a major upgrade.

Pure proof-of-stake (PPoS) blockchain Algorand has introduced cross-chain communication and transaction speed improvements with the latest upgrade to its protocol.

The layer-1 blockchain network announced the implementation of State Proofs to its mainnet, which introduces trustless communication between different blockchain protocols. The upgrade also increased Algorand’s processing speed from 1,200 to 6,000 transactions per second.

The upgrade also includes the provision of new tools for developers as well as on-chain randomness capabilities for decentralized applications (DApps) running on Algorand. On-chain randomness is a key feature of Algorand’s PPoS consensus, in which network validators are chosen at random despite the respective amount of staked Algorand (ALGO) tokens.

As Algorand unpacked in a recent Medium post, State Proofs are cryptographic proofs of Algorand’s state that allow DApps on other blockchains to trustlessly verify Algorand transactions. The upgrade also increased the block size to 5 MB and brought “sub-4-second block latency and finality.”

The introduction of State Proofs allows Algorand to securely connect to different blockchain networks without using an intermediary. Cross-chain interoperability and connectivity have mainly been powered by cross-chain bridges and validator networks, which have been subject to high-level exploits in recent times.

Algorand touts its quantum-secure, trustless State Proofs as a solution to the centralized nature of storage points in existing cross-chain service providers and platforms. Exploits of cross-chain bridges have resulted in the loss of more than $2 billion in 2022 alone.

Paul Riegle, chief product officer at Algorand, highlighted the upgrade as a significant step in facilitating the growth of Web3 platforms running on its network:

“From State Proofs, which are a game-changing blockchain interoperability security feature, to increased TPS, we are unlocking the tools required for Web3 applications to fulfill their vast potential.”

Algorand’s upgrade is timely considering that Ethereum is on the cusp of its transition from proof-of-work to proof-of-stake (PoS) consensus, with the Merge set to take place in the next couple of weeks. Ethereum’s move to PoS is set to drastically improve the scalability and efficiency of the network while reducing its carbon footprint.

Algorand is the brainchild of MIT professor Silvio Micali, who founded the PPoS blockchain to address what is known as the “blockchain trilemma.” The trilemma suggests that no blockchain can be simultaneously decentralized, scalable and secure.


Cross-chains in the crosshairs: Hacks call for better defense mechanisms

Cryptocurrency security firms, decentralized finance and cross-chain platforms are stressing the importance of improved defense mechanisms after a spate of hacks and exploits targeting the ecosystem.

2022 has been a lucrative year for hackers preying on the nascent Web3 and decentralized finance (DeFi) spaces, with more than $2 billion worth of cryptocurrency fleeced in several high-profile hacks to date. Cross-chain protocols have been particularly hard hit, with Axie Infinity’s $650 million Ronin Bridge hack accounting for a significant portion of stolen funds this year.

The pillaging continued into the second half of 2022 as cross-chain platform Nomad saw $190 million drained from wallets. The Solana ecosystem was the next target, with hackers gaining access to private keys of some 8,000 wallets, which resulted in $5 million worth of Solana (SOL) and Solana Program Library (SPL) tokens being pilfered.

deBridge Finance managed to sidestep an attempted phishing attack on Aug. 8, unpacking the methods used in what the firm suspects is a wide-ranging attack vector used by North Korean Lazarus Group hackers. Just a few days later, Curve Finance suffered an exploit that saw hackers reroute users to a counterfeit webpage that resulted in the theft of $600,000 worth of USDC.

Multiple points of failure

The team at deBridge Finance offered some pertinent insights into the prevalence of these attacks in correspondence with Cointelegraph, given that a number of their team members have previously worked for a prominent anti-virus company.

Co-founder Alex Smirnov highlighted the driving factor behind the targeting of cross-chain protocols, given their role as liquidity aggregators that fulfill cross-chain value transfer requests. Most of these protocols look to aggregate as much liquidity as possible through liquidity mining and other incentives, which has inevitably become a honey-pot for nefarious actors:

“By locking a large amount of liquidity and inadvertently providing a diverse set of available attack methods, bridges are making themselves a target for hackers.”

Smirnov added that bridging protocols are middleware that relies on security models of all supported blockchains from which they aggregate, which drastically increases the potential attack surface. This makes it possible to perform an attack in one chain in order to draw liquidity from others.

Related: Is there a secure future for cross-chain bridges? 

Smirnov added that the Web3 and cross-chain space is in a period of nascence, with an iterative process of development seeing teams learn from others’ mistakes. Drawing parallels to the first two years in the DeFi space where exploits were rife, the deBridge co-founder conceded that this was a natural teething process:

“The cross-chain space is extremely young even within the context of Web3, so we’re seeing this same process play out. Cross-chain has tremendous potential and it is inevitable that more capital flows in, and hackers allocate more time and resources to finding attack vectors.”

The Curve Finance DNS hijacking incident also illustrates the variety of attack methods available to nefarious actors. Bitfinex CTO Paolo Ardoino told Cointelegraph the industry needs to be on guard to all security threats:

“This attack demonstrates once again that the ingenuity of hackers presents a near and ever-present danger to our industry. The fact that a hacker is able to change the DNS entry for the protocol, forwarding users to a fake clone and approving a malicious contract says a lot for the vigilance that must be exercised.”

Stemming the tide

With exploits becoming rife, projects will no doubt be considering ways to mitigate these risks. The answer is far from clear-cut, given the array of avenues attackers have at their disposal. Smirnov likes to use a ‘Swiss cheese model’ when conceptualizing the security of bridging protocols, in which the only way to execute an attack is for a number of “holes” to momentarily line up.

“In order to make the level of risk negligible, the size of the hole on each layer should be aimed to be as minimal as possible, and the number of layers should be maximized.”

Again this is a complicated task given the moving parts involved in cross-chain platforms. Building reliable multi-level security models requires understanding the diversity of risks associated with cross-chain protocols and risks of supported chains.

Chief threats include vulnerabilities with the consensus algorithm and codebase of supported chains, 51% attacks and blockchain reorganizations. Risks to the validation layers could include collusion of validators and compromised infrastructure.

Software development risks are another consideration, with vulnerabilities or bugs in smart contracts and bridge validation nodes being key areas of concern. Lastly, deBridge notes protocol management risks, such as compromised protocol authority keys, as another security consideration.

“All these risks are quickly compounded. Projects should take a multi-faceted approach, and in addition to security audits and bug bounty campaigns, lay various security measures and validations into the protocol design itself.”

Social engineering, more commonly referred to as phishing attacks, is another point to consider. While the deBridge team managed to thwart this type of attack, it still remains one of the most prevalent threats to the wider ecosystem. Education and strict internal security policies are vital to avoid falling prey to these cunning attempts to steal credentials and hijack systems.


Aave devs propose freezing Fantom integration, citing lack of traction and potential vulnerability

The Fantom market on Aave V3 adds just $30 each day to the DeFi protocol's treasury; developers are also concerned that the integration creates security risks.

On Tuesday, Marc Zeller, integration lead at decentralized finance (DeFi) borrowing and lending protocol Aave, proposed to freeze the platform's V3 Fantom market. Created in 2018, Fantom is a directed acyclic graph smart contract platform providing DeFi services, to which Aave is currently bridged.

Zeller explained the rationale for removing the Fantom bridge:

"After the Harmony bridge event and the recent Nomad bridge exploit, the Aave community should consider the risk/benefits of keeping an active Aave V3 market on Fantom as this network is dependent on any swap (multichain) bridge."

Zeller further explained that the Aave V3 Fantom market did not gain noticeable traction, with a current market size of $9 million and $2.4 million of open borrowing. In comparison, the Aave protocol has a total value locked of $3.48 billion. Meanwhile, the Fantom market on Aave only generates approximately $300 per day for the borrowing-lending protocol, of which $30 goes to the Aave Treasury.

If passed, the Aave Improvement Protocol would allow users to repay their debts and withdraw but block further deposits and borrowings in this market. After five days, a community vote will be held to determine the future of Aave V3 Fantom. The Aave team wrote:

"The risk of exposing users to potentially losing millions of $ due to causes exterior to intrinsic Aave security is considered not worth the $30 of daily fees accrued by the Aave treasury."

Related: Backlash as Harmony proposes minting 4.97B tokens to reimburse victims

Multichain bridging, while praised by some as a pinnacle of interchain communications, has been criticized by skeptics such as Vitalik Buterin for its supposed fragility. Earlier on Tuesday, the Nomad token bridge was drained for $190 million after hackers discovered a single code exploit that anyone could replicate, leading to a "decentralized robbery" as other users joined in on the initial hacker's siphoning of funds. 


Aurora pays $6M bug bounty to ethical security hacker through Immunefi

Over $200 million worth of users' funds could have been at risk if the whitehat chose to exploit the vulnerability for personal gain instead of reporting it to developers.

On Tuesday, Ethereum (ETH) bridging and scaling solution Aurora announced it had paid out a $6 million bounty to ethical security hacker pwning.eth, who discovered a critical vulnerability in the Aurora Engine. The exploit allegedly placed over $200 million worth of capital at risk. The sum was paid in collaboration with Immunefi, a leading platform for Web 3.0 bug bounties, with $145+ million bounties available and $45+ million bounties paid out.

On April 26, Immunefi received a report from pwning.eth about a critical flaw in the Aurora Engine that would have enabled the infinite minting of ETH in the Aurora Ethereum Virtual Machine so as to drain and siphon the corresponding nested ETH (nETH) pool on NEAR. At the time of discovery, the pool contained more than 70,000 ETH worth at least $200 million.

Mitchell Amador, founder and CEO at Immunefi, said: "Hats off to Aurora and pwning.eth for the flawless overall processing of the report. The bug was quickly patched, with no user funds lost." Aurora had launched a bug bounty program with Immunefi just one week before discovering the security vulnerability. Meanwhile, Frank Braun, head of security at Aurora Labs, commented: "We look at the bug bounty program as the last step in a layered defense approach and will use this bug as a learning opportunity to improve earlier steps, like internal reviews and external audits."

Though arguably innovative, cross-chain communication protocols have been a prime target of hackers as of late. In February, one of the largest decentralized finance hacks occurred when the Wormhole token bridge was drained of over $321 million in digital assets after hackers exploited an infinite minting glitch between its wrapped ETH and ETH pool. 


Terra Collapse Continues to Plague Defi — Value Locked in Cross-Chain Bridges Down 20% This Month

Following the aftermath of the Terra blockchain fiasco, decentralized finance (defi) continues to feel the impact of the project’s fallout. During the last four days the total value locked (TVL) in defi has dropped 2.61% in value, and cross-chain bridges have lost roughly 20.3% during the last 30 days. Value Locked in Cross Chain Bridge […]

Terra’s Cross-Chain Bridge Now Supports Solana, Avalanche, Fantom, Moonbeam, Osmosis

Terra Bridge, the cross-chain bridge protocol now supports Solana, Fantom, Moonbeam, Osmosis, and Avalanche according to Terraform Labs CEO Do Kwon. “Easiest way to move funds in crypto,” the Terraform Labs CEO explained in a tweet. Terra Bridge Adds 5 New Chains On April 12, 2022, Terraform Labs co-founder Do Kwon told his 352,800 Twitter […]

Layerzero Labs Secures $135 Million to Bolster Cross-Chain Interoperability

Layerzero Labs, the firm behind the interoperability protocol Layerzero, has revealed the company has raised $135 million in a Series A+ finance round led by Andreessen Horowitz (a16z), FTX Ventures, and Sequoia Capital. The new financing brings Layerzero Labs’ overall valuation to $1 billion and the funds will be leveraged to develop cross-chain decentralized applications […]

Harmony launches Bored Ape Yacht Club NFT Passport

Announced live at ETH Denver, the upcoming NFT Passports also feature cross-chain support.

On Friday, blockchain platform Harmony — whose mainnet runs on the Ethereum network, claiming to have two-second transaction finality and fees 1,000 times lower than Ethereum — announced the launch of its Bored Ape Yacht Club Passport. The Passport enables users to import proof of their apes into DeFi Kingdoms, a play-to-earn game built on the Harmony blockchain with over 120,000 monthly active users. During its initial stages, Ape holders will be able to validate and display their assets in the game across multiple blockchains when they connect their MetaMask wallet to DeFi Kingdoms.

The infancy of cross-chain technology means that funds could be at risk when bridging across chains, as the biggest decentralized finance hack thus far this year showed. However, as stated by its developers, Harmony’s Passport does not move assets; instead, it proves asset ownership across multiple blockchains, guaranteeing their authenticity throughout. Its cross-chain bridge, Horizon, currently supports interoperability between Harmony, Ethereum, BNB Chain and three other blockchains.

Leo Chen, a team member at Harmony, explained:

“We wanted to give all NFT holders more utility and options to display their NFTs and participate in the Metaverse. Bored Ape Yacht Club holders are the first choices. The cross-chain identity creates a secure and easy way to do so without putting their assets at risk.”

In a similar gesture, last month, Twitter kicked off its nonfungible token campaign, allowing its paid subscribers to show off their NFT possessions as profile pictures. However, the technical functionalities of the feature are in the testing phase, with only Ethereum-based NFTs eligible and no support for cross-chain functionalities.
