As Ethereum gas fees soared to record highs during the 2021 bull market, rendering many decentralized finance (DeFi) protocols unusable for casual users, several projects were forced to deploy on other chains.
This created a huge surge in demand for cross-chain mechanisms – called bridges – able to securely transfer user assets from one chain to another. Cross-chain bridges can generally be divided into centralized custodial bridges (CCB) and Decentralized non-custodial bridges (DNCB).
As can be expected, the surging demand for cross-chain bridges resulted in the emergence of a fresh wave of protocols of varying repute. As cross-chain bridges serviced an increasingly valuable pool of user assets, it was only a matter of time before malicious actors and hackers took notice.
Generally speaking, hackers will target DNCBs because they can exploit shortcomings in protocols designed by inexperienced development teams. An experienced hacker can easily take advantage of errors in logic or loopholes embedded into the cryptography and design of a poorly designed protocol.
This brings us to today: the aftermath of multiple attacks on cross-chain bridges. Another blackeye on a battle-worn industry. To recap, only in the month of July 2021:
- ChainSwap suffered a hack on July 2nd, worth approximately $800K in user assets.
- AnySwap V3 liquidity pools suffered a hack on the 10th day of July, worth nearly $8M in $USDC and $MIM. AnySwap is a cross-chain DEX powered by the Fusion Network.
- ChainSwap suffered another hack, only 9 days after the first hack. This time worth $4M in user assets. ChainSwap is an Alameda-backed platform that bridges Ethereum to Binance Smart Chain.
The primary purpose of this editorial is to educate and introduce, in relative detail, two often-ignored-yet-vital elements of decentralized cross-chain bridges: the random number ‘k’ involved in Secure Multi-Party Computation (SMPC) and its derivative ‘R’.
The AnySwap Hack: Two is Not Always Better Than One
Reportedly, the AnySwap hack happened because two separate transactions were signed using the same ‘R’ value. The hacker used these two signatures to reverse engineer the private key controlling AnySwap’s cross-chain MPC account and stole users’ funds.
But what, exactly, is an ‘R’ value?
What is ‘R’ – the Achilles Heel of Account Security
One of the first lessons everyone in blockchain learns is that the funds in your wallet are controlled by your private key.
You’ve all heard the phrase: “not your keys, not your coins.” This idiom means that any individual who has a wallet’s private key has full control over the assets in that wallet. Indeed, the only thing needed to transfer funds from one account to another is to sign a transaction with that account’s private key.
At present, the standard digital signature algorithm used in blockchains is the Elliptic…
Read More: cryptopotato.com
Bitcoin 
Ethereum 
Tether 
BNB 
XRP 
Solana 
USDC 
Lido Staked Ether 
Cardano 
Dogecoin 
Avalanche 
TRON 
Chainlink 
Polkadot 
Toncoin 
Polygon 
Wrapped Bitcoin 
Shiba Inu 
Litecoin 
Dai 
Bitcoin Cash 
Uniswap 
LEO Token 
Stellar 
OKB 
Monero 
Kaspa 
Cosmos Hub 
Ethereum Classic 
TrueUSD 
Cronos 
NEAR Protocol 
Hedera 
Filecoin 
Internet Computer 
Aptos 
Lido DAO 
Bittensor 
THORChain 
Mantle 
VeChain 
Immutable 
Quant 
BUSD 
Optimism 
The Graph 
Stacks 
Injective 
Aave 
Render