Watertight Blockchain Bridge Security Critical for Cross-Chain Interoperability

As cross-chain interoperability becomes the norm today, the need for truly secure bridges is more important than ever before.
Watertight Blockchain Bridge Security Critical for Cross-Chain Interoperability
Image courtesy of 123rf.
Neither the author, Adi Ben-Ari, nor this website, The Tokenist, provide financial advice. Please consult our website policy prior to making financial decisions.

Trustless blockchain bridges will play an important role in cross-chain interoperability and in reducing the risk of hacks in the blockchain industry. This problem was brought to the fore earlier this year with a couple of major attacks on blockchain bridges—the $320 million hack on the Solana Wormhole bridge in February and the theft of $540 million of Ethereum and USDC stablecoin from the Ronin network in March.

An Urgent Issue for Bridges and the Blockchain Industry

The Ronin bridge was made seriously vulnerable by its lack of a trustless, decentralised system. The theft was carried out by the North Korea-based Lazarus Group, which hacked the “validator nodes” of the Ronin bridge. Funds could be moved out if five of the nine validators approved it.

The attacker got hold of the private cryptographic keys belonging to five of the validators, which enabled the theft. Ronin’s audit on the attack concluded: “All evidence points to this attack being socially engineered, rather than a technical flaw”.

Despite the Ronin attack not being a result of technical shortcomings, it illustrates how crypto interoperability and DeFi are fundamentally undermined by the security issues associated with more centralised bridging solutions.

And as bridges are being used to move a lot of liquidity between blockchains, so that security problem grows. At the end of 2021, the global market capitalisation of cryptocurrencies was about $1.8 trillion and is forecast to grow to around $32.4 trillion by 2027.

Increased interoperability between blockchains is critical for the development of the technology and the further growth of the sector, but while bridges provide a lot of liquidity, they are not all safe. Their importance for the future of an interoperable blockchain ecosystem is clear to all involved in the sector, but the industry cannot unlock the potential of bridging without overcoming this considerable security risk.

Join our Telegram group and never miss a breaking digital asset story.

Benefits of Decentralisation

The problem with many bridges is the security model and security assumptions in their design, and the fact that they require users to place trust in a centralised operator, which undermines the security benefits of decentralisation. 

Bridges normally lock tokens on the source blockchain, and mint new “wrapped” tokens on the destination blockchain. The original locked tokens remain locked as collateral until the tokens return in a reverse operation when the wrapped tokens are “burned,” and the locked tokens are released.

The pools of locked tokens are a treasure chest for a hacker and, when compromised, the value of the unbacked wrapped tokens on the destination chain is called into question. This issue highlights both the way the majority of bridges are built, with this lock and mint approach, and the risks to networks with very little decentralisation.

Attacks undermine confidence in the whole concept of blockchain bridges. The value of assets held on bridges has risen to more than $32 billion from $670 million since the start of 2021. For that growth to continue, a bridging solution with security assumptions more aligned with the blockchain network themselves is essential.

Such a solution can be provided through “trustless” systems, mitigating the security risks associated with more centralised bridges.

Finance is changing.
Learn how, with Five Minute Finance.
A weekly newsletter that covers the big trends in FinTech and Decentralized Finance.

The London Bridge

Algorand and Applied Blockchain are collaborating on a (relatively) trustless cross-chain bridge, called London Bridge, that will initially utilise the security properties of hardware enclaves and will later use a new cryptography feature called state proofs, that is being introduced by Algorand.

With the secure enclave technology the bridge operators will have no access to bridge private keys, nor can they influence the code used to communicate, verify or send transactions to the blockchains without first upgrading the smart contracts. This means that even if the bridge operators get compromised as happened with the Ronin network, via social engineering or any other way, the attacker would not be able to access the keys or compromise the bridge in this way.

On the other side, Algorand’s state proofs, which will be introduced later, are a new interoperability standard that securely connects blockchains to the outer world without requiring trust in an intermediary. This type of technology is very important for all Proof of Stake blockchains, as this is this enables provable verification of transactions emanating from the chain. If state proofs, or similar, are not available for a proof of stake blockchain, then the bridge operators must be trusted to correctly verify each transaction.

State proofs provide an immutable chain of proofs that verifies the status of assets held on Algorand. In a bridge scenario, this enables smart contracts on the target chain to process transactions from the Algorand chain.

With state proofs, Algorand will be able to securely connect to the broader blockchain world, enabling users to complete cross-chain transactions efficiently, cost-effectively, and more securely. This will serve as a blueprint for other cross-chain solutions looking to close the security loopholes of more centralised trusted operator systems.

State proofs and blockchain bridges enable communication and trust between blockchains, but basic token transfers are not the only application. Bridges and state proofs can be used on other blockchains to verify different types of data and activity.

Applications like SilentData, a privacy-preserving data oracle also developed by Applied Blockchain, can be used to verify real-world web2 data sources, like Instagram for example, to provide proofs that can be used inside the blockchain environment. NFT creators with Instagram accounts, for example, can prove they are behind an NFT and avoid it being hacked or stolen by using SilentData to provide cryptographic proof of Instagram account ownership and associate this with their minted NFT. This proof can now also be bridged across chains using state proofs.

Next-generation security measures such as the state proofs under development at Algorand, in partnership with Applied Blockchain, are critical for the long-term viability of blockchain bridges. They will improve security, thereby encouraging more investors to use these solutions to transfer their assets across chains.

What are your thoughts on the future of blockchain security and bridges? Let us know in the comments below.