Growth in Digital Assets Trade Puts the Spotlight on Blockchain Bridge Security Risks
Adi Ben-Ari is the Founder and CEO of data security specialist Applied Blockchain.
The exponential growth in the trade of digital assets across different blockchain platforms in recent years has been accompanied by the emergence of blockchain bridges, or token bridges, that create interoperability between blockchains.
These bridges did not come under the same technical scrutiny as the blockchains themselves, and the strong demand for their use lead to the proliferation of bridges with relatively weak security mechanisms introducing substantial risk in the transfer of value, and subsequent issues have fuelled perceptions about the risks associated with blockchain and cryptoassets.
Blockchain bridges are applications that enable people to move digital assets from one blockchain to another, thereby allowing cryptoassets to be used on multiple blockchains. Demand for bridges stemmed from the need to move away from the high gas fees of the Ethereum (ETH) blockchain, onto faster, lower-cost blockchain environments. Blockchain bridge solutions enable connectivity and liquidity flows across different blockchains and are a vital mechanism in the broader crypto ecosystem.
As the digital asset market grows, so do the risks associated with low-security bridges.
By August last year, the global market capitalization of cryptoassets was more than USD 2tn, more than double what it had been at the end of 2020. After topping USD 3tn in late October, it is now back to almost USD 1tn. Additionally, last year we saw 1,200% growth in the total value locked in global DeFi smart contracts.
Earlier this year came two stark reminders of the flaws in the security of some blockchain bridges. The USD 320m hack on the Solana (SOL) Wormhole bridge in February and an attack on the Ronin bridge in March showed that hackers had identified a weak link. The theft by siphoning off around USD 600m worth of ETH and USDC stablecoin from the Ronin network was one of the biggest heists in the history of crypto. The Ronin attack in particular highlights the risks of networks that have very little decentralization.
Some will say this illustrates how crypto interoperability and DeFi are fundamentally flawed, but the reality is that the technology has already moved on.
With the right approach and applying new technology in this particular area, it is possible to substantially reduce the risk of bridge hacks and make the process significantly more secure.
Solution lies with decentralized “trustless” bridges
The problem with many bridges is that they require users to place trust in a centralized operator, or a small number of federated operators, which undermines the security assumptions of decentralization.
Most bridges lock tokens on the source blockchain, and mint new “wrapped” tokens on the destination blockchain. The original locked tokens remain locked as collateral until the tokens return in a reverse operation when the wrapped tokens are “burned,” and the locked tokens are released. The pools of locked tokens represent a honey pot for any hacker, and, when compromised, the value of any unbacked wrapped tokens on the destination chain is called into question.
While any attack is extremely damaging for the individual bridge that it targets, each one further undermines confidence in the whole concept of blockchain bridges with wrapped assets.
The value of assets held on bridges has risen to more than USD 32bn from USD 670m since the start of 2021, but the industry cannot unlock its next stage of growth without providing substantially more secure bridging solutions.
Bringing that security certainty, that users can truly rely upon, can only be delivered by “trustless” solutions. Trustless systems mitigate the security risks associated with more centralized (or even federated) bridges by removing the need for users to place trust in a third-party operator.
Certain companies have already begun to deliver these trustless solutions through new tools, such as Intel’s hardware security enclave (SGX). Moreover, the Algorand (ALGO) blockchain, for instance, will soon be able to rely on state proofs, an immutable series of proofs that verify the status of assets held on the Algorand blockchain. This enables smart contracts on the target chain to fully verify and process transactions emanating from the Algorand chain.
Next-generation security measures will help connect on-chain assets to the broader blockchain world, enabling users to complete cross-chain transactions efficiently, cost-effectively, and securely.
They will provide a blueprint for other cross-chain solutions looking to close the security loopholes of more centralized systems. Moreover, they will solve an urgent security issue and thereby encourage more investors to use these solutions to transfer their assets across chains.
They are therefore critical for the long-term viability of blockchain bridge projects.
Back to the list