Many blockchain bridges are built using weak security assumptions rendering them simply unsafe for the transfer of value. Only truly trustless systems, where the bridge operator does not have the power — nor the keys — to compromise or fabricate transactions, can solve this urgent issue for bridges and their users.
Bridges have answered the challenge of interoperability that has inevitably arisen following the boom in the blockchain industry in 2021, which saw a 1,200% growth in the total value locked in global DeFi (decentralized finance) smart contracts. Developers desire an ever-expanding user base for their networks, while investors are increasingly interested in opportunities and liquidity across multiple blockchains. When a new blockchain is launched, users need to know that they can bridge their assets from that blockchain to Ethereum, which is still home to most of the liquidity and applications, or conversely, that they can transfer the value they already hold on Ethereum into the new environment.
In response, many companies have built bridges that enable users to move assets between different blockchains, paving the way for a new surge in uptake of these alternative networks, and users have flocked to them without asking sufficient diligence. Yet the value and efficiency of blockchain technology lie in the way it shifts risk from third parties and intermediaries to the technology layer. If the technology layer has gaps in security, then the risks can be substantial.
The problem with blockchain bridges
Many bridges require users to place trust in a centralized operator, which negates the security benefits of decentralization. Even federation of bridge operation is not sufficient, as the power granted to bridge operators in most bridge solutions still leaves major gaps. Indeed, for many users, the risk to assets held in these bridges has already been made painfully clear.
High-profile hacks have exposed the security shortcomings of many bridges. Coming mere weeks after the attack on the Wormhole bridge that compromised US$325 million in assets, the recent Ronin bridge hack reinforced the message, to the tune of more than US$600 million, that many of the blockchain industry’s bridges lack the technical integrity that they — and their users — sorely need.
Most bridges will lock tokens on the source blockchain, and mint new “wrapped” tokens on the destination blockchain. The original locked tokens remain locked as collateral until the tokens return in a reverse operation when the wrapped tokens are “burned” and the locked tokens are released. The pools of locked tokens represent a honey pot for any hacker, and, when compromised, the value of the unbacked wrapped tokens on the destination chain is called into question.
This issue was raised at Algorand’s last Decipher conference in November 2021, but the subsequent attacks on the Wormhole and Ronin bridges, in which nearly US$1 billion of assets were compromised, reflect just how urgently the industry must recognize the risks of networks that have very little decentralization.
And this is an industry-wide issue. While any attack is of course extremely damaging for the individual bridge that it targets, each one further undermines confidence in the concept of blockchain bridges as a whole. The value of assets held on bridges has risen from US$670 million to more than US$32 billion since the start of 2021, but the industry cannot unlock its next stage of growth without providing a bridging solution of whose security users can be certain.
What are the solutions?
Ironically, the security that users can truly believe in can only be delivered by “trustless” solutions. Trustless systems mitigate the security risks associated with more centralized (or even federated) bridges by removing the need for users to place trust in an operator.
The most innovative companies are already developing cross-chain bridges that will utilize new security measures such as “state proofs,” when these become available. State proofs are a new cryptography feature, an immutable chain of proofs that verify the status of assets held on its blockchain. This enables smart contracts on the target chain to process transactions from the original chain.
State proofs will help connect the original chain to the broader blockchain world, enabling users to complete cross-chain transactions efficiently, cost-effectively, and securely. They will therefore also provide a blueprint for other cross-chain solutions looking to close the security loopholes of more centralized systems.
Next-generation security measures such as state proofs will be critical for the long-term viability of blockchain bridge projects. They will solve an urgent security issue and will therefore encourage more investors to use these solutions to transfer their assets across chains.