over 1 billion $$$ stolen through bridges in 2022 alone
we need better solutions
this is why @union_build is developing the most secure bridge we have in crypto
to understand it, we need to look at how most bridge hacks happen and what Union is doing differently
a thread 🧵

there are 4 common bridge vulnerabilities that have been exploited, let's go through them 👇🏻
1. Multisig Compromise
some bridges relied on a small set of keys (often 3-of-5 or 5-of-9 multisigs) to validate transfers across chains
if these keys are compromised (via phishing, inside jobs etc.), the attacker can mint or drain funds
the $625M Ronin Bridge hack is a perfect example
attacker took control of validator keys and authorized fake withdrawals to his own accounts
it was one of the biggest hacks in crypto history 🚨
2. Oracle / Relayer Manipulation
when you depend on off-chain third parties (oracles, relayers) to verify information on-chain, you're vulnerable
if these actors go rogue, they can lie about chain state, causing incorrect behavior on the target chain
back in 2022, LayerZero faced criticism from security researcher @samczsun because their contracts had upgradable relayers + oracles, controlled by the team
this was a massive vulnerability and if compromised, the attackers could steal all the funds passing through the protocol
3. Smart Contract Bugs
most bridges have complex smart contracts with lots of possible vulnerabilities
any small bug can let attackers bypass validation or drain liquidity
the $190M Nomad bridge exploit is the best example
it was a shockingly simple contract flaw
a routine upgrade mistakenly set the validation check to always return 'true'
anyone could copy-paste an old transaction and move bridge funds to their own accounts
the whole crypto community saw people copy-pasting attack code from Twitter, it was pure insanity
4. Wrapped Token Risks
many bridges used wrapped assets, which are only as good as the bridge that backs them
if the bridge gets compromised, the wrapped tokens are worthless, there’s no real ETH to redeem
in a $321M hack, the attacker exploited a bug in Wormhole’s smart contract that let them mint 120,000 WETH on Solana without depositing any ETH on Ethereum
they tricked the system into thinking ETH had been deposited
Wormhole lost $321 million worth of real funds and had to pay users from their own pocket
without going into technical details (I'm too rerarded for that) this is what @union_build does differently:
- no multisigs or oracles
- ZK-Proofs for validation
- native assets, not wrapped tokens
is the Union bridge absolutely unhackable? no, nothing is
but their tech removes most centralized points of failure, replaces trust with cryptographic proof, eliminates oracles/multisigs and avoids wrapping risk
it's as close as we can get to total security today 🗿
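added example (not part of the thread, and not Nomad's contract code): a toy Python model of the failure class in point 3, where an upgrade leaves the validation check accepting everything, plus the post-upgrade invariant a team can run to catch it. the `Bridge` class, the zero-root default and all messages are assumptions of this model, constructed for illustration.

```python
import hashlib

ZERO_ROOT = b"\x00" * 32  # default value of an unset slot in this model (assumption)

def leaf(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()

class Bridge:
    """Toy inbox: a message is valid if the root it was proven under is trusted."""
    def __init__(self, trusted_roots, reject_zero_root):
        self.trusted = set(trusted_roots)
        self.reject_zero_root = reject_zero_root
        self.proven = {}        # leaf -> root the message was proven against
        self.processed = set()  # replay protection

    def prove(self, message: bytes, root: bytes) -> None:
        # Stand-in for Merkle proof verification, assumed correct here.
        self.proven[leaf(message)] = root

    def is_valid(self, message: bytes) -> bool:
        # A message nobody proved falls back to the zero root.
        root = self.proven.get(leaf(message), ZERO_ROOT)
        if self.reject_zero_root and root == ZERO_ROOT:
            return False
        return root in self.trusted

    def process(self, message: bytes) -> bool:
        h = leaf(message)
        if h in self.processed or not self.is_valid(message):
            return False
        self.processed.add(h)
        return True

def upgrade_invariant_holds(bridge: Bridge) -> bool:
    """Post-upgrade check: a message that was never proven must not validate."""
    unproven = b"constructed: transfer 100 units to unproven-recipient"
    return not bridge.is_valid(unproven)

GOOD_ROOT = hashlib.sha256(b"constructed root").digest()
# Faulty upgrade: the zero root lands in the trusted set, so the check is always true.
faulty = Bridge({GOOD_ROOT, ZERO_ROOT}, reject_zero_root=False)
# Hardened: same state, but the default root is rejected explicitly.
fixed = Bridge({GOOD_ROOT, ZERO_ROOT}, reject_zero_root=True)

if __name__ == "__main__":
    print("faulty passes invariant:", upgrade_invariant_holds(faulty))
    print("fixed passes invariant:", upgrade_invariant_holds(fixed))
```

running the invariant in CI against the upgraded deployment state, not just the old one, is what turns this into a release gate.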

