How important are the security and transparency of cross-chain bridges?

DeFi applications have emerged across various chains, becoming the primary application scenario. Cross-chain bridges serve as the link between assets on different blockchains. Currently, major players in the cross-chain bridge space include AnySwap, Poly.Network, Nerve.Network, and ChainSwap. The asset scale and the number of projects involved in cross-chain bridges are substantial, making security extremely important for these bridges.

On July 11, over 20 project assets were stolen from the Chainswap cross-chain bridge. According to data from Etherscan and Bscscan, the hacker's address has profited approximately $2.3 million by selling tokens, with tokens worth hundreds of thousands of dollars yet to be sold. According to responses from some project teams, this may be because developers locked some of the stolen assets, preventing the hacker from selling them. Currently, Chainswap has temporarily shut down its cross-chain bridge.

On the same day, the AnySwap V3 version cross-chain router was attacked, resulting in a loss of approximately $8 million from the cross-chain liquidity pool. According to ChainNews, the AnySwap team will compensate for the losses, and the cross-chain bridge has not been affected.

It seems that hackers have recently targeted the security issues of these cross-chain bridges. The security of cross-chain bridges is crucial, so I took the time to understand the working principles of several cross-chain bridges and would like to share a brief overview for your reference.

AnySwap:

Anyswap uses Fusion's DCRM technology as a cross-chain solution. Anyswap's cross-chain primarily employs multi-party encryption for verification, and DCRM technology is relatively decentralized.

Poly.Network:

Assets are managed by nodes of the council, utilizing cross-chain management contracts (modules) and block header synchronization contracts (modules) for cross-chain asset management. The block header synchronization contract verifies data using multi-signature methods, and transactions are validated through MerkleRoot and transaction Hash. Currently, the asset pool is substantial, and the nodes are not open, making it relatively centralized.

Nerve.Network:

NerveNetwork is an open public chain based on POC+PBFT consensus, featuring final consistency. Its cross-chain functionality is achieved through multi-signature cross-chain contracts, requiring at least 11 virtual bank node accounts on the Nerve mainnet to sign and verify any operation. The virtual banks are dynamically elected through the staking of public chain assets, ensuring node strength and interest alignment. During the cross-chain process, ownership is managed by a multi-signature mechanism, making it a relatively decentralized solution.

ChainSwap:

ChainSwap's implementation mechanism is based on a multi-directional interlocking method using smart contracts to achieve asset mapping across multiple chains. The security of cross-chain assets relies on the implementation of smart contracts.

Conclusion:

With the rise of DeFi, a large number of applications require cross-chain bridges, and the use of cross-chain technology will become increasingly frequent in the future. Currently, cross-chain bridge products have begun to take shape in the market, facing significant challenges in terms of security. It is hoped that cross-chain projects will pay more attention to security issues, as the ultimate test of security still needs to be entrusted to the market and time.