#Wormhole: another bridge exploit.
Our goal is not to capitalize, but highlight the need for change. Exploits needn’t be so commonplace - protocols must adapt to protect users.
#OrionBridge is the most secure bridge in market - built on peer-to-peer atomic swaps. $ORN
1/16 🧵
Our goal is not to capitalize, but highlight the need for change. Exploits needn’t be so commonplace - protocols must adapt to protect users.
#OrionBridge is the most secure bridge in market - built on peer-to-peer atomic swaps. $ORN
1/16 🧵
Recent bridge exploits: what happened?
#Qubit: $80m
QBridge was hacked to create a huge amount of qXETH (wrapped ETH bridged via Qubit) collateral used to drain the entire quantity of BNB stored on QBridge.
2/16
#Qubit: $80m
QBridge was hacked to create a huge amount of qXETH (wrapped ETH bridged via Qubit) collateral used to drain the entire quantity of BNB stored on QBridge.
2/16
The attacker utilized a deposit option in the QBridge contract to illegally mint 77,162 qXETH to borrow on BSC. Addresses connected to the attack show 206,809 BNB were drained.
3/16
3/16
#Multichain (Anyswap): $4m
To enable cross-chain swaps, Multichain router wraps a token with “anyToken” (DAI is wrapped as anyDAI). When a user “transfers” DAI from Ethereum to BSC, anyDAI is added to the Multichain anyDAI BSC contract + burned on anyDAI Ethereum contract.
4/16
To enable cross-chain swaps, Multichain router wraps a token with “anyToken” (DAI is wrapped as anyDAI). When a user “transfers” DAI from Ethereum to BSC, anyDAI is added to the Multichain anyDAI BSC contract + burned on anyDAI Ethereum contract.
4/16
The hacker found a vulnerability that affected six token contracts on the Multichain Router. Users’ funds still haven’t been returned. Meanwhile, Multichain relies on just 33 nodes to validate, sign + propagate cross-chain txs, among which part of the private key is shared.
5/16
5/16
#Wormhole: $315m
Full details on the exploit are yet to be revealed. However, when a user sends assets from one chain to another, the bridge locks the assets and mints a wrapped version of the funds on the destination chain. Hackers reportedly stole ~120,000 wETH.
6/16
Full details on the exploit are yet to be revealed. However, when a user sends assets from one chain to another, the bridge locks the assets and mints a wrapped version of the funds on the destination chain. Hackers reportedly stole ~120,000 wETH.
6/16
Why can’t #OrionBridge be exploited like these protocols?
While the specifics vary, these exploits ultimately come down to the need for wrapping and minting assets on these protocols.
Meanwhile, Orion Bridge is built on peer-to-peer atomic swaps.
Let’s break that down.
7/16
While the specifics vary, these exploits ultimately come down to the need for wrapping and minting assets on these protocols.
Meanwhile, Orion Bridge is built on peer-to-peer atomic swaps.
Let’s break that down.
7/16
Atomic swaps:
Atomic swaps are automatic exchange contracts that allow two parties to immediately exchange two assets on different blockchains. On #OrionBridge, there's no wrapping or minting of assets - ever, so we aren't prone to exploits like the above.
8/16
Atomic swaps are automatic exchange contracts that allow two parties to immediately exchange two assets on different blockchains. On #OrionBridge, there's no wrapping or minting of assets - ever, so we aren't prone to exploits like the above.
8/16
Instead, #OrionBridge enables immediate swapping of one L1 asset for another L1 asset. Users don’t lose ownership of their funds until they receive the corresponding asset on their chosen network.
9/16
9/16
The atomic swap mechanism is based on HTLC (Hash-Time Locked Contracts).
The user creates a secret (without revealing it) and in the contract itself, only addresses A, B, hash H of the secret, and a period of time in which this can be opened.
10/16
The user creates a secret (without revealing it) and in the contract itself, only addresses A, B, hash H of the secret, and a period of time in which this can be opened.
10/16
The output of a transaction on the bridge can only be spent by the receiver (broker) if the sender (user) tells them the ‘secret’, and only within the certain time fixed in the transaction.
So, neither party can “exploit” any stage of the transaction.
11/16
So, neither party can “exploit” any stage of the transaction.
11/16
Peer-to-peer:
Peer-to-peer networks enables true decentralization - the direct exchange of an asset between individual parties without the involvement of a central authority.
12/16
Peer-to-peer networks enables true decentralization - the direct exchange of an asset between individual parties without the involvement of a central authority.
12/16
Each user is an equivalent owner of and contributor to the bridge. This requires the use of encryption to enable two parties to safely conduct a transaction without the need for a third party or layers of validators.
13/16
13/16
Unlike other bridges dependent on validators (prone to 51% attacks), #OrionBridge users swap assets with only one counterparty - one of our brokers.
And with txs recorded on every peer's network, it's “computationally impractical” to overwrite or falsify transactions.
14/16
And with txs recorded on every peer's network, it's “computationally impractical” to overwrite or falsify transactions.
14/16
TLDR:
Other bridges may currently offer more chains + assets, but ultimately leave their users vulnerable to loss and exploitation. What we are building lays the foundation for truly decentralized cross-chain trading, without compromising assets.
15/16
Other bridges may currently offer more chains + assets, but ultimately leave their users vulnerable to loss and exploitation. What we are building lays the foundation for truly decentralized cross-chain trading, without compromising assets.
15/16
As #OrionBridge grows, and as other bridges continue to succumb to exploitation, we plan to become the leading cross-chain bridge: eventually enabling users to trade any asset across any chain without limits, delays, or exploits.
orionprotocol.io/bridge
$ORN
orionprotocol.io/bridge
$ORN
• • •
Missing some Tweet in this thread? You can try to
force a refresh
