#Wormhole: another bridge exploit.

Our goal is not to capitalize, but highlight the need for change. Exploits needn’t be so commonplace - protocols must adapt to protect users.

#OrionBridge is the most secure bridge in the market - built on peer-to-peer atomic swaps. $ORN

1/16 🧵
Recent bridge exploits: what happened?

#Qubit: $80m

QBridge was hacked to create a huge amount of qXETH (wrapped ETH bridged via Qubit) collateral used to drain the entire quantity of BNB stored on QBridge.

2/16
The attacker utilized a deposit option in the QBridge contract to illegally mint 77,162 qXETH to borrow on BSC. Addresses connected to the attack show 206,809 BNB were drained.

3/16
#Multichain (Anyswap): $4m

To enable cross-chain swaps, Multichain router wraps a token with “anyToken” (DAI is wrapped as anyDAI). When a user “transfers” DAI from Ethereum to BSC, anyDAI is added to the Multichain anyDAI BSC contract + burned on anyDAI Ethereum contract.

4/16
The hacker found a vulnerability that affected six token contracts on the Multichain Router. Users’ funds still haven’t been returned. Meanwhile, Multichain relies on just 33 nodes to validate, sign + propagate cross-chain txs, among which part of the private key is shared.

5/16
#Wormhole: $315m

Full details on the exploit are yet to be revealed. However, when a user sends assets from one chain to another, the bridge locks the assets and mints a wrapped version of the funds on the destination chain. Hackers reportedly stole ~120,000 wETH.

6/16
Why can’t #OrionBridge be exploited like these protocols?

While the specifics vary, these exploits ultimately come down to the need for wrapping and minting assets on these protocols.

Meanwhile, Orion Bridge is built on peer-to-peer atomic swaps.

Let’s break that down.

7/16
Atomic swaps:

Atomic swaps are automatic exchange contracts that allow two parties to immediately exchange two assets on different blockchains. On #OrionBridge, there's no wrapping or minting of assets - ever, so we aren't prone to exploits like the above.

8/16
Instead, #OrionBridge enables immediate swapping of one L1 asset for another L1 asset. Users don’t lose ownership of their funds until they receive the corresponding asset on their chosen network.

9/16
The atomic swap mechanism is based on HTLC (Hash-Time Locked Contracts).

The user creates a secret (without revealing it). The contract itself records only addresses A and B, the hash H of the secret, and the period of time in which it can be opened.

10/16
The output of a transaction on the bridge can only be spent by the receiver (broker) if the sender (user) tells them the ‘secret’, and only within the time window fixed in the transaction.

So, neither party can “exploit” any stage of the transaction.

11/16
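The hash-and-time lock described above, as an added Python simulation (not Orion's contract code or anything from the original thread). It goes beyond the thread by modelling both legs of a swap; the `HTLC` class, the `run_swap` helper, the party names, and the staggered deadlines (the user's leg expiring after the broker's) are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class HTLC:
    """One leg of a swap: `amount` locked from sender to receiver under hash H."""
    sender: str
    receiver: str
    hash_h: bytes      # H = SHA-256(secret); the secret itself is not stored
    deadline: int      # after this time only the sender's refund is valid
    amount: int
    state: str = "locked"
    revealed: Optional[bytes] = None

    def claim(self, caller: str, preimage: bytes, now: int) -> bool:
        """Receiver spends the output by presenting the secret before the deadline."""
        ok = (self.state == "locked" and caller == self.receiver and now < self.deadline
              and hmac.compare_digest(hashlib.sha256(preimage).digest(), self.hash_h))
        if ok:
            self.state, self.revealed = "claimed", preimage  # claiming publishes the secret
        return ok

    def refund(self, caller: str, now: int) -> bool:
        """Sender recovers the funds once the deadline has passed unclaimed."""
        ok = self.state == "locked" and caller == self.sender and now >= self.deadline
        if ok:
            self.state = "refunded"
        return ok

def run_swap(user_reveals: bool) -> tuple:
    """Simulate both legs; returns (user_leg.state, broker_leg.state)."""
    secret = b"constructed-demo-secret"          # constructed sample value
    h = hashlib.sha256(secret).digest()
    # Assumption: the user's leg expires later than the broker's, so the broker
    # always has time to reuse the secret after the user reveals it.
    user_leg = HTLC("user", "broker", h, deadline=200, amount=10)
    broker_leg = HTLC("broker", "user", h, deadline=100, amount=10)
    assert not user_leg.claim("broker", b"guess", now=10)  # wrong secret is rejected
    if user_reveals:
        broker_leg.claim("user", secret, now=50)            # user takes the broker's asset
        user_leg.claim("broker", broker_leg.revealed, now=60)
    else:
        broker_leg.refund("broker", now=100)                # nobody revealed: both unwind
        user_leg.refund("user", now=200)
    return user_leg.state, broker_leg.state

if __name__ == "__main__":
    print(run_swap(True), run_swap(False))
```

Either both legs end `claimed` or both end `refunded`; what the simulation does not cover is a party being offline across its deadline, which is why the two time windows must leave a margin between them.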
Peer-to-peer:

Peer-to-peer networks enable true decentralization - the direct exchange of an asset between individual parties without the involvement of a central authority.

12/16
Each user is an equivalent owner of and contributor to the bridge. This requires the use of encryption to enable two parties to safely conduct a transaction without the need for a third party or layers of validators.

13/16
Unlike other bridges dependent on validators (prone to 51% attacks), #OrionBridge users swap assets with only one counterparty - one of our brokers.

And with txs recorded on every peer's network, it's “computationally impractical” to overwrite or falsify transactions.

14/16
TLDR:

Other bridges may currently offer more chains + assets, but ultimately leave their users vulnerable to loss and exploitation. What we are building lays the foundation for truly decentralized cross-chain trading, without compromising assets.

15/16
As #OrionBridge grows, and as other bridges continue to succumb to exploitation, we plan to become the leading cross-chain bridge: eventually enabling users to trade any asset across any chain without limits, delays, or exploits.

orionprotocol.io/bridge

$ORN

Keep Current with Timothea Horwell
