On Crypto Bridges
The dilemma of on-chain middlemen.
Disclaimer, NFA, all that legal stuff: All the information presented on this publication and its affiliates is strictly for educational purposes only. It should not be construed or taken as financial, legal, investment, or any other form of advice.
Hi folks,
It’s another bad day in what feels like an increasingly worse bear market by the day. Nomad bridge was exploited and there is an ongoing unknown vulnerability exploit happening in the Solana ecosystem. If you have funds in the Solana ecosystem please move them to cold storage or reputable CEXs asap. Hopefully, none of you are materially affected by this. Here’s a good thread to keep up with the situation.
Apologies for the late issue, it’s been a crazy day.
On Crypto Bridges
Moving crypto assets across blockchain networks are hard. As the crypto asset and blockchain industry mature, the world will undoubtedly become multi-chain with various blockchain networks optimizing for specific needs and use-cases. However, this also increases the risk that asset owners undertake when moving assets across different networks. In the past year alone, more than $1 billion has been exploited from various crypto bridges — and yesterday, we witnessed another ~$200M exploit on a bridge called Nomad.
The initial hacker was able to identify that the Nomad team marked the zero hash (0x00) as a valid root, enabling messages to be spoofed by the exploiters. Now, I’m not going to pretend to be a Giga Chad security expert, so here’s a thread from an actual Giga Chad about the hack:
What’s unique about this hack, in particular, is that it doesn’t require deep technical knowledge, which caused this incident to be the first decentralized crowd looting whereby almost anybody with some knowledge of how blockchain transactions work can participate in the exploit. Simply copy-paste the original attacker’s transaction calldata and voila!
At this point, it seems like almost every existing crypto bridge has been exploited in one way or another. Some survived thanks to bailout, while others never really return to their former glory. I’m not going to pretend to be a shadowy super coder or a cybersecurity expert, and there are way smarter people than me that can explain the technical complexities of crypto bridges — I’m simply here to pontificate on how bridges work, their importance, drawbacks, and present my thoughts on their future dynamics as crypto asset matures. I am but a humble researcher and strategist.
Here are the quick takeaways:
TVL locked across crypto bridges amount to more than $20 billion.
$1.8 billion+ were exploited across 5 crypto bridges in the past year.
Vitalik’s vision of a multi-chain future instead of a cross-chain one will most likely be right.
Bailouts for crypto bridges set a bad precedent for the industry.
Institutional investors will most likely favor trusted rather than trustless crypto bridges.
How Do Bridges Work?
Literally, like the word means itself, bridges “bridge” crypto assets between multiple blockchain networks. The trend arguably started in early 2020 as multiple L1 ecosystems develop and compete for market share, inviting people to come over to their turf and experiment with what they offer; although some such as WBTC has existed way earlier.
These bridges typically work by wrapping tokens in a smart contract to issue them on another chain, while ensuring users that their wrapped tokens are always redeemable one-to-one to the native assets. Let’s take a look at a specific example.
In the case of wrapped Bitcoin (WBTC), which is one of the most popular bridged assets, the nature of the bridge is centralized and custodial. Users deposit BTC from the Bitcoin blockchain and receive WBTC, an ERC-20 token, on the Ethereum blockchain. BitGo is the custodian for WBTC and undergoing a KYC process with BitGo is necessary to mind and redeem WBTC. Additionally, there’s a set of partners who holds the multisig keys on all the BTC that were deposited and minted. In this context, users can verify the 1:1 backing on-chain.
Classifying Bridges
In general, bridges can be classified into trusted and trustless bridges.
The former means that the bridge relies on a centralized entity to function, as shown by the above example with WBTC. Users need to trust the security and good faith reputation of these centralized custodians to ensure that their bridge assets have sufficient liquidity with users who want to redeem the native tokens. In this scenario, the risks are centralized entities going rogue and incompetent security management.
The latter means that the bridge relies on smart contracts. Users need to trust the security of the underlying blockchain and the smart contracts written on top to enable the functionalities of the bridge. In this scenario, the risks are badly written code, social engineering, or new attack vectors that were previously overlooked.
Additionally, there is also a type of trustless bridge that incorporates an AMM to essentially create a more seamless cross-chain swap experience. This model is generally much more efficient compared to the legacy bridge model. However, this is still a trustless model and carries the same inherent smart contracts risk stated above.
Excerpt from Synapse’s docs.
The way this works is a new ERC20 token contract is created on all of the desired destination chains which will serve as the pegged token. When a user bridges their token from the source chain to any destination chain, the original token is locked in Synapse’s bridge smart contract. The Synapse protocol then transmits a cross-chain message instructing the target chain to mint the destination chain token. This newly minted token is distributed to the user's wallet address on the target chain, along with a gas airdrop.
History of Rektness
For bad actors, crypto bridges are akin to flowers for bees. As the world becomes more multi-chain and the total crypto asset market cap (as well as DeFi TVL increases), these bridges will become more and more lucrative to attack. As of 2-August-2022, there is more than $20 billion locked across multiple bridges.
Will you trust that your 20-30 y.o. founders and a team of <10 people can defend against state-level actors? North Korea is already behind the more recent high-profile exploits (read: Axie-Ronin, Harmony)
School of Thoughts
Vitalik once argued that the future will be multi-chain but it won’t be cross-chain. You can read the full context below, but he basically argues that a decentralized application that lives across different chains creates complex interdependencies between multiple chains, whereby a 51% attack on just one chain can have a significant contagion effect that threatens the economy of the entire ecosystem.
Not only security risks, but the tokenomics will also need to decide how to treat the existence of their tokens across different chains. There will be demand-supply concerns to make sure that the original tokenomics framework is being respected, ensuring that the inflation rate of the tokens is not materially impacted by the cross-chain implementations. For stablecoins, this is handled in a completely different manner, but that’s a post for another time.
Big Daddy Bailouts
What’s ironic here is that the word bailout is probably one of the most negative depictions that mainstream media has designated for Wall St. corporations that messed up and required some sort of savings from the Government (or Warren Buffet). It is a word that’s synonymous with Wall Street’s degeneracy and just bad management in general. Once again, crypto is repeating TradFi’s mistake at lightning pace.
Wormhole $320M Hack - Jump Trading (Big Daddy)
Ronin (Axie) $624M Hack - Binance, Animoca, a16z, Accel, Paradigm, Dialectic (Big Daddies)
Harmony Bridge $100M Hack - Inflate the shit out of ONE token to compensate victims (Big Daddy = the communities)
Poly Network $611M Hack - the hacker returns the funds
Out of the four scenarios above, the most positive outcome was Poly Network’s as the hackers eventually returned close to all of the funds originally exploited. However, if we either need bailouts, rely on the good faith of hackers, or resort to the authorities by going to the law enforcement route, then what are we doing here?
Aren’t we better “bridging” assets through CEXs or trusted bridges then?
These entities will eventually be more regulated, with auditable reserves, doxxed founders, and (hopefully) better services.
Sure, you can argue that CEXs and trusted bridges can block you from accessing their services at any moment, especially as they get more pressure from regulators. While that is one-hundred percent valid, trustless bridges might also be forced to do something similar albeit at a much less severe scale, such as blocking IP addresses or flagging transactions from blacklisted wallets. At the end of the day, when the crypto scale hit 1 billion users, 99% of the consumers of these dApps don’t really care. They just want the fastest, safest, and most trusted way to move their assets.
The moment USDC/USDT finds a way to do cross-chain swaps and integrate FIAT off ramps in G-20 countries it’s pretty much game over. Viva la stablecoin!
Reinvent the Wheel
Crypto design in its current form is reinventing the wheel instead of breaking it.
We’re aiming to build a decentralized financial ecosystem but when an exploit happens, we’ll most likely need to rely on authorities in order to retrieve the funds back. If that’s the case, then why are we not just trusting reputable CEXs instead? Yea they might move slower in adopting new chains but if the end results are the same and it is most likely safer as CEXs get regulated, then doesn’t that defeat the purpose in the first place?
I predict that “true” institutions with trillions to deploy will favor CEXs and trusted bridges instead of trustless. So while there’s a market for trustless bridges, the activities will be largely driven by speculators willing to farm the latest food coin on a new alt L1 chain.
These dynamics, combined with Vitalik’s view regarding a multi-chain future, perhaps signaled that we need to strongly rethink the design, philosophy, and use-cases of these bridges.
Same Old Thing
I used to work with a very smart engineer who has decades of experience building software for financial infrastructure. He’s a brilliant guy with a healthy dose of snarky skepticism towards crypto, something that the industry can really use more of; and he used to say that crypto is really just repeating everything TradFi did but in an exponential manner. It seems that he’s right once again (yes, I’m talking about you, David).
Until next time,
Marco M.
Actually, there is bridge tech where the token gets burned on the source chain, instead of locking it in a smart contract, which limits the reliance on a smart contract, increases security, while being trustless. These new bridges are harder to implement, takes more time, so protocols take the easy route and implement less secure tech aka custodial bridges. Once enough funds are locked in these custodial bridges the "monkeys come for the bread". Protocols needn't to be so lazy and skimp on security.
Good read!
I'm curious if you had discussions with some of the builders of these trustless bridges and what they had to say about your concerns (security), views on using CEXs despite the centralization, and predictions (Institutional investors will most likely favor trusted bridges)?