BitcoinWorld

An Interoperable Web 3.0 Without Proper Security Is a Disaster Waiting To Happen

Interoperability is critical for the growth of Web 3.0 technologies and the broader crypto ecosystem. Without it, users are limited to a single blockchain, unable to connect with other networks or reap the benefits of a more open and interconnected system.

However, Web 3.0 is only as secure as the systems that support it, and a permissionless and trustless future is a disaster waiting to happen if proper security is not implemented.

A bridge is, by definition, a continuation of a blockchain, and as such, it must fully meet the blockchain’s core requirements of being trustless, decentralized, and secure.

The interoperability trilemma is a concept that requires bridges to be trustless, extensible, and agnostic (able to transfer any type of data supported by chains). Cross-chain transactions have more points of failure and thus higher security risks than interacting within a single network. While individual networks’ security issues are not fully resolved, bridges pose additional challenges.

Regardless of how the bridge is designed, the funds must be stored in a smart contract or with a centralized custodian, which becomes a honeypot for black-hat hackers. Smart contracts that run across multiple blockchains are more complex, making them more vulnerable to errors and malicious attacks. In fact, 50% of DeFi exploits target cross-chain bridges. Hackers have stolen approximately $2.5 billion in the last two years by exploiting their unique vulnerabilities.

Breach incidents occurred in some of the most well-known ecosystems, including Poly Network (a Polygon cross-chain protocol), Ronin (the home of Axie Infinity), and Horizon (the Harmony protocol bridge). After the Ronin exploit, the Wormhole Bridge exploit was the second most widespread attack. The hacker made off with approximately $320 million after discovering a flaw in the smart contract code of this Ethereum-Solana bridge that allowed them to mint 120,000 Wrapped Ethereum on Solana without putting up the required equivalent Ethereum collateral.

The Nomad exploit was enabled by a smart contract misconfiguration that allowed anyone with a basic understanding of the code to authorize withdrawals for themselves, which people did. This resulted in ‘the first decentralized crowd-looting of a nine-figure bridge in history.’ More than $32 million of the $200 million stolen has been recovered by amateur white-hat hackers.

While bridge design needs improvement, implementing an improved wallet design could provide additional security. Traditional crypto wallets are frequently vulnerable because funds are controlled by a single private key.

The Ronin hack, for example, was made possible by an elaborate phishing scheme involving fake LinkedIn job offers, which allowed bad actors to obtain access to five of the nine private keys held by transaction validators for the Ronin Network’s bridge.

MPC (multi-party computation) wallets are not tied to a single private key. They distribute private key shares to various locations, such as a server and a user’s device.

Digital signatures generated by a wallet are computed in a distributed fashion. Because the private key is never fully reconstructed, it cannot be exposed.
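
To make the idea concrete, here is an added illustration (not from the original article, and not any wallet vendor's code): two parties, standing in for a user's device and a server, jointly produce a Schnorr-style signature from additive key shares without ever assembling the full key. The Schnorr scheme, the tiny group parameters and all names are assumptions chosen for readability; production MPC wallets use standard curves and hardened protocols.

```python
import hashlib
import secrets

# Toy group (constructed for illustration, far too small for real use):
# P = 2*Q + 1 with P and Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def challenge(R, X, msg):
    """Hash the joint nonce, joint public key and message to a scalar mod Q."""
    data = f"{R}|{X}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

class Party:
    """One share holder, e.g. the user's device or the wallet server."""
    def __init__(self):
        self._x = secrets.randbelow(Q - 1) + 1   # private key share, never sent
        self.pub_share = pow(G, self._x, P)      # public, safe to send

    def nonce_commit(self):
        self._k = secrets.randbelow(Q - 1) + 1   # fresh nonce per signature
        return pow(G, self._k, P)

    def partial_sign(self, e):
        s_i = (self._k + e * self._x) % Q
        self._k = None                           # a nonce must never be reused
        return s_i

def joint_sign(parties, msg):
    """Coordinator: handles only public values and partial signatures."""
    X = R = 1
    for p in parties:
        X = X * p.pub_share % P                  # joint public key
        R = R * p.nonce_commit() % P             # joint nonce
    e = challenge(R, X, msg)
    s = sum(p.partial_sign(e) for p in parties) % Q
    return X, (R, s)

def verify(X, msg, sig):
    """Standard Schnorr check: G^s == R * X^e (mod P)."""
    R, s = sig
    return pow(G, s, P) == R * pow(X, challenge(R, X, msg), P) % P

if __name__ == "__main__":
    device, server = Party(), Party()
    X, sig = joint_sign([device, server], b"send 1 ETH")
    print("signature valid:", verify(X, b"send 1 ETH", sig))
```

Each party reveals only its public share, its nonce commitment and a partial signature, so compromising one location yields one share rather than the signing key.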

Another wallet-related technological advancement is account abstraction, which allows Ethereum wallets to function as smart contracts in the most basic sense.

The recently implemented ERC-4337 Ethereum network update enables a ‘social recovery system’ in which designated third parties can restore access to your wallet if you lose your private keys.

The update also enables the use of 2FA (two-factor authentication) and even biometrics for wallet protection, making them far more secure and user-friendly.

The progression of blockchain toward interoperability has been compared to globalization. Imagine blockchains freely communicating with one another, being able to mint an NFT on Ethereum from Solana, or receiving a loan from a DApp on Avalanche from Arbitrum.

When it becomes safe for users and developers to cross the boundaries of individual blockchains, a whole new level of blockchain commerce and development will be unlocked.

 
