DeFi has suffered another major setback, this time with the closing of Gravity Bridge, a bridge that DeFi participants use to connect their cryptocurrency transactions on the Ethereum blockchain with those on the Cosmos blockchain, due to an alleged security breach. Following the news that approximately $5.4 million had been withdrawn from the system without consent, validators and investors alike have gone into overdrive trying to determine how such an event could have happened overnight.
A Sudden Halt to Operations
The alarm was sounded over the weekend when analysts noticed highly unusual outflows from the network. An on-chain researcher, known simply as Specter, took to social media to alert the community, suggesting the core contract key was severely compromised. Shortly after, the development team officially acknowledged the situation. Without immediately providing deep technical specifics, they urgently advised network validators to halt all operations to prevent further losses while a formal probe was launched.
Tracking the Missing Millions
Immediately after the theft, security companies were able to track the movement of the stolen assets. PeckShield analysts broke down how much money was lost and which assets made up the total, illustrating the financial damage. The attackers walked away with approximately $4.3 million in USD Coin, over half a million dollars' worth of Wrapped Ether, and substantial amounts of Tether and PAX Gold tokens.
The path of the stolen money paints a familiar picture of digital money laundering. Experts reported that a portion of the illicit haul was already funneled through the instant-swap service ChangeNow and the Binance exchange to obscure the digital trail. However, roughly $4.23 million held in Ethereum remained sitting dormant in the attacker’s primary wallet shortly after the initial breach was discovered.
How Did the Hack Happen?
A detailed review of what happened is still to come; however, it appears that the key itself may already have been compromised beforehand. Gravity Bridge allows tokens to travel freely between the Ethereum network and any Cosmos-based app. It differs from most other bridges because it uses the entire set of validators, rather than a few centralized entities, to approve token transfer requests. The primary goal of the network is therefore to give users a decentralized and secure way to transfer tokens. Yet if a bad actor obtained the key that is used to approve token transfers, they would be able to circumvent these community security measures entirely and exfiltrate funds.
Impact on the Native Token
The attack’s effect on open markets was immediate. Graviton, the native token of the validators securing Gravity Bridge, was hit hard as news of the exploit broke; within one day of trading, it had dropped by approximately 4% (relative to the previous day). Although this decline appears small given the magnitude of the theft, it illustrates how fragile trust is in these types of complex ecosystems.
Ripple Effect on Institutional Investors
This event occurs at an extremely sensitive point in time for the larger crypto market. Financial institutions have slowly been working on decentralized finance; however, security problems with bridge networks have raised significant doubts about using these assets. Major market analysts have been reporting on the security of cross-chain bridges as a major impediment to institutional-scale adoption.
The incident at Gravity Bridge is not the only problem we have seen lately. At the start of this year, many high-profile cyber-attacks were reported, including a massive breach of $290 million involving the infamous Lazarus Group. Once bridges become compromised, panic spreads quickly throughout the sector, resulting in large amounts of capital leaving those networks. If decentralized finance hopes to attract and retain major Wall Street capital, solving these underlying infrastructure vulnerabilities must become an absolute priority.




