XChainWatcher: Monitoring and Identifying Attacks in Cross-Chain Bridges

Abstract: Cross-chain bridges are a type of middleware for blockchain interoperability that supports the transfer of assets and data across blockchains. However, several of these bridges have vulnerabilities that have caused 3.2 billion dollars in losses since May 2021. Some studies have revealed the existence of these vulnerabilities, but there is little quantitative research available, and there are no safeguard mechanisms to protect bridges from such attacks. Furthermore, no studies are available on the practices of cross-chain bridges that can cause financial losses. We propose \toolName~(Cross-Chain Watcher), a modular and extensible logic-driven anomaly detector for cross-chain bridges. It operates in three main phases: (1) decoding events and transactions from multiple blockchains, (2) building logic relations from the extracted data, and (3) evaluating these relations against a set of detection rules. Using \toolName, we analyze data from two previously attacked bridges: the Ronin and Nomad bridges. \toolName~was able to successfully identify the transactions that led to losses of \$611M and \$190M (USD) and surpassed the results obtained by a reputable security firm in the latter. We not only uncover successful attacks, but also reveal other anomalies, such as 37 cross-chain transactions (\CCTX) that these bridges should not have accepted, failed attempts to exploit Nomad, over \$7.8M worth of tokens locked on one chain but never released on Ethereum, and \$200K lost by users due to inadequate interaction with bridges. We provide the first open dataset of 81,000 \CCTXS~across three blockchains, capturing more than \$4.2B in token transfers.

• The paper introduces XChain Watcher, a real-time monitoring system for detecting attacks on cross-chain bridges.
• XChain Watcher uses a Datalog engine to identify discrepancies in cross-chain transactions across different blockchain environments.
• Real-world testing showed XChain Watcher detecting breaches on Ronin and Nomad bridges, securing over $800M in potential losses.

"XChainWatcher: Monitoring and Identifying Attacks in Cross-Chain Bridges" (2410.02029)

Introduction

Cross-chain bridges are essential mechanisms for blockchain interoperability, facilitating asset transfers across heterogeneous blockchains. Despite their utility, these bridges have been prone to vulnerabilities, resulting in financial losses amounting to $3.2 billion since May 2021. The absence of quantitative safeguards underscores the need for real-time monitoring systems. This paper introduces XChain Watcher, a pioneering system designed to address these vulnerabilities by detecting attacks against cross-chain bridges as they occur.

Methodology

XChain Watcher utilizes a cross-chain model underpinned by a Datalog engine, which is adaptable to any bridge architecture. This pluggable system analyzes cross-chain transactions (cctxs) and bridge events to reveal attack patterns and unintended operational behaviors. The model captures critical security properties, such as integrity and accountability, by contrasting expected cross-chain rules against actual blockchain activities. Tested on the Ronin and Nomad bridges, XChain Watcher successfully identified significant breaches, accounting for losses of $611M and$190M, respectively.

Empirical Analysis and Results

The paper details an empirical study using an open-source dataset of over 81,000 cctxs across three blockchains, covering more than $4.2 billion in token transactions. Results demonstrate numerous anomalies including unauthorized cross-chain transactions, failed exploitation attempts, and instances of user funds trapped due to inadequate bridge interaction.

Key Findings:

• Hacks Detection: XChain Watcher detected known attacks efficiently, such as $7.8M locked funds unreleased on Ethereum and$200K lost due to improper bridge interactions.
• Data Analysis: Analysis of bridge events revealed substantial discrepancies in both token deposits and withdrawals, particularly highlighting failed transactions due to unmatched events.

Discussion

The research outlines the implications of the identified vulnerabilities, emphasizing the role of cross-chain models in monitoring bridge security. The study proposes extending the monitoring framework to other bridges, potentially uncovering new attack vectors and enhancing real-time response capabilities.

Limitations and Future Work: The paper acknowledges the limitations tied to bridge-specific implementation nuances, which might require tailored cross-chain rules. Future endeavors may focus on all-encompassing surveillance across various bridges, increasing security posture across multiple protocols.

Conclusion

XChain Watcher provides a robust tool for protecting cross-chain bridges by offering real-time surveillance and anomaly detection. As the first empirical study on cross-chain security, it highlights a user awareness gap concerning fund recovery processes, stressing the need for improved user interfaces and protocols to mitigate financial losses. The availability of an open-source dataset and findings further paves the way for continued research in cross-chain security frameworks.