An Interoperable Web 3.0 Without Proper Security Is a Disaster Waiting To Happen

Do repost and rate:

Interoperability is crucial for the development of Web 3.0 technologies and the wider crypto ecosystem.

Without interoperability, users are limited to using a single blockchain, preventing them from connecting with other networks and taking advantage of the various benefits that come with a more open and interconnected system.

However, Web 3.0 is only as secure as the systems that support it, and without proper security, a permissionless and trustless future is a disaster waiting to happen.

The bridge – the most dangerous place in crypto

A bridge is by nature a continuation of a blockchain, and as such, it should fully satisfy the core requirements of blockchain being trustless, decentralized and secure.

This concept became known as the interoperability trilemma, and it requires bridges to be trustless, extensible and agnostic (able to transfer any type of data supported by chains).

The nature of cross-chain transacting creates more points of failure, and therefore, higher security risks compared to interacting within a single network.

While security issues are not fully solved within individual networks, bridges present extra challenges.

Regardless of how the specific bridge is designed, the funds have to be locked up in a smart contract or with a centralized custodian, which in turn becomes a honey pot for black-hat hackers.

Smart contracts that execute across multiple blockchains are more complex, making them susceptible to errors and malicious attacks.

In fact, cross-chain bridges are the victim of 50% of DeFi exploits. In the last two years, approximately $2.5 billion has been stolen by hackers by exploiting their unique vulnerabilities.

Breaches happened with some of the most well-known ecosystems Poly Network (a Polygon cross-chain protocol), Ronin (the home of Axie Infinity) and Horizon (the Harmony protocol bridge), among others.

The Wormhole Bridge exploit was the second biggest attack after the Ronin exploit. The hacker made off with roughly $320 million after finding a flaw in the smart contract code of this bridge between Ethereum that allowed them to mint 120,000 Wrapped Ethereum on Solana without putting up the necessary equivalent Ethereum collateral.

The Nomad exploit was made possible by a misconfiguration of the smart contract that allowed anyone with a basic understanding of the code to authorize withdrawals for themselves, which people did.

This led to what was described as ‘the first decentralized crowd-looting of a nine-figure bridge in history.’ Of the $200 million stolen, more than $32 million has been recovered from the amateur white-hat hackers.

A secure wallet is the first step to a secure bridge

While there is work to be done in the area of bridge design, implementing an improved wallet design could offer added security.

Traditional wallets are often vulnerable because they rely on a single private key for controlling funds.

For example, the Ronin hack was made possible through an elaborate phishing scheme involving fake LinkedIn job offers, which led to bad actors acquiring access to five of the nine private keys held by transaction validators for Ronin Network’s bridge.

MPC (multi-party computation) wallets aren’t tied to a single private key. They split private key shares across different locations, such as a server and a user’s device.

Digital signatures coming from a wallet are computed in a distributed manner. The private key is never fully reconstructed and thus cannot be exposed.

Another wallet-related technological advancement is account abstraction, which in the most basic terms allows Ethereum wallets to act as smart contracts.

The recently implemented ERC-4337 update to the Ethereum network enables a ‘social recovery system’ where designated third parties can restore access to your wallet if you lose your private keys.

The update also allows the use of 2FA (two-factor authentication) and even biometrics for the protection of wallets, making them much more secure and user-friendly.

When blockchains talk to each other

The evolution of blockchain toward interoperability is sometimes likened to globalization. Imagine blockchains talking to each other freely, being able to mint an NFT on Ethereum from Solana, or get a loan from a DApp on AvalancheArbitrum

When it becomes safe for users and builders to cross the boundaries of individual blockchains, it will unlock a whole new level of blockchain commerce and development.

Sebastian Higgs is the chief strategy officer at Fraction, a creation of MPCH Labs, where he offers entrepreneurship strategy and execution. Before joining Fraction, Sebastian was the general manager of Vo1t and then transitioned to vice president of custody at Genesis after Vo1t was acquired by Genesis Global Trading.

Featured Image: Shutterstock/Eduard Muzhevskyi

Regulation and Society adoption

Ждем новостей

Нет новых страниц

Следующая новость