# Web3's Broken bridges. By [edbert kay](https://paragraph.com/@edbert-kay) · 2023-08-05 --- “ London bridge is falling down, falling down, falling down, London bridge is falling down my fair lady ”. Like the London bridge the news regarding some of web3’s broken bridges were quite devastating and worrying. One may wonder if these hacks would stop or become more severe. On the contrary building a bridge that is beyond hacks is not an impossibility it only requires an architect to think in terms of resilience and robustness of his bridge architecture. ![broken 'n' fallen cross-chain bridges of web3.](https://storage.googleapis.com/papyrus_images/81e22c6f714e2e235903b9d4f1a6892678449307d6a07655b961f66d0747dca6.png) broken 'n' fallen cross-chain bridges of web3. Let’s dive in, what could lead or result into this massive bridge collapse. Cross chain bridges are a crucial component of the web3 cyberspace, interconnecting different sovereign blockchain protocols and their respective consensus mechanisms together. It’s web3’s cross messaging layer without it there is nothing like sending message in form of text or transaction from one chain to the other. so how were they hacked? ------------------------ Euler lending protocol (my favorite), BSC, Wormhole these protocols experienced **_FAKE EVENTs_**. With fake events an attacker a bad actor is able to generate a fake deposit or deposit a valueless token into a liquidity pool and claim large amounts this is also known as magic money. Validators like Gatekeeper’s, & watchmen are the watchmen of the web3 cyberspace listening out for transactions and authenticating them by telling the network that they have witnessed a transaction and it is true. In the case **_Ronin’s hack_** bad actors were able to take over the validator network in order words their validation keys stolen and since they are interconnected having access to one validator enables you access to the others. This category of attack occurs mainly when bad actors have been able to identify an **_access control bugs in your library or in your program logic._** Imagine you received an email from a sender whose email address closely resembles one of the mail addresses in your contact list with the sender requesting you to carry out some instruction. This deceptive technique is further explored to identify \*\*_message verification bugs_ \*\*existing both in your contract library and within the program logic of your smart contract. The **_Poly hack_** event occurred due to message verification bugs occurring within the program logic of the smart contract, therefore bad actors could fake up transactions which are not properly verified or by-passing the verification process and submitting a transaction that will enable him/her withdraw tokens to different accounts. **_Validator takeover_** is another bridge hacking technique. This method of attacking bridges is a simultaneous event such that once an **_access bug_** has been discovered within your program then validator take over is bound to happen since bad actors now have access to **_private keys_** of **_validators_**. In my second episode **_watch-out for how to re-engineer cross chain bridges from a security point of view._** --- *Originally published on [edbert kay](https://paragraph.com/@edbert-kay/web3-s-broken-bridges)*