Can I still use the cross-chain bridge when safety accidents happen frequently?

Last night, Axie Infinity's exclusive sidechain Ronin was exposed to have stolen crypto assets worth US$624 million (including 173,600 ETH and 25.5 million USDC), which is also the most serious cross-chain bridge security accident to date.

What's embarrassing is that this hacking incident happened just 6 days ago.

So how was Ronin stolen? As an Ethereum sidechain, Ronin's cross-chain bridge uses MPC threshold signature technology. Among the 9 validator keys set, 5 or more validator keys are required to approve deposit and withdrawal transactions.

Four of the keys are managed by the same person (Sky Mavis), which means that as long as the attacker controls Sky Mavis' key and then controls another validator key, the funds of the entire Ronin network will be controlled by the hacker.

Currently, most cross-chain bridge projects use this multi-signature technology. Therefore, in theory, these projects may also suffer similar attacks.

Cross-chain attack methods that have already appeared

Private key attack is just one of the ways to attack cross-chain bridges.

For example, in the previous Poly Network ( O3 and other projects) hacking incident, the hacker did not complete the attack by stealing private keys, but carried out the attack through a contract permission vulnerability.

Another example is the Wormhole cross-chain bridge that had an accident some time ago. The attacker also took advantage of the contract loophole of the cross-chain bridge, deceived the signatures of multiple signers, minted 120,000 Wormhole ETH, and finally transferred the locked 80,000 ETH to the attacker's own wallet (Note: For detailed attack methods, see "Solana cross-chain bridge project Wormhole suffered a hacker attack, with a loss of nearly 300 million US dollars" compiled by DeFi Road).

In addition, there have been cross-chain attacks in history, such as counterfeit currency recharges and fake websites, which basically revolve around private keys and contract loopholes.

Security risks of LayerZero (stargate)

Next, let’s talk about the recently popular cross-chain project LayerZero and the first cross-chain application stargate based on this protocol.

As of press time, Stargate’s pool already has $3.38 billion worth of stablecoins.

However, the security risks of this cross-chain project are also worrying.

For example, last week the Optimism team warned it that someone had begun to attempt unusual attacks on Stargate, and the Stargate team then sought help from white hat hackers such as samczsun, and later fixed this serious vulnerability. And Stargate's problems don't stop there. A few days ago, Stargate was exposed that its core contracts are all controlled by a private key of an EOA address, which means that if this private key is leaked or the project owner wants to do evil, the consequences will be disastrous.

Currently, although Stargate has been changed to a 2/3 multi-signature mechanism, it may still face the risk of management key attacks similar to Ronin Network.

(Note: This article does not mean that the repeater and oracle cross-chain model adopted by Stargate has no value, but it means that the underlying infrastructure is still the same as some other cross-chain bridge projects)

With so many security issues with cross-chain bridges, is there really no hope?

Trust-Minimized Cross-Chain Bridge

It’s not absolute, but we are still in the early stages of cross-chain. By adopting a trustless approach, we can reduce some potential attack surfaces and improve the security of the system.

Nomad relies on fraud proofs

For example, Nomad uses an optimistic mechanism to improve the security of cross-chain communication, which avoids the use of new cryptography and relies on fraud proofs and publication proofs to prevent channel failures.

The core design of the protocol is revocation rather than permission, which means that the key manager can only revoke access but cannot allow access. In other words, even if an attacker controls all the management keys of the system, he cannot steal funds, and the worst thing he can do is DoS attack the entire network.

Note: Nomad may still have the risk of contract vulnerabilities.

IBC, Near Rainbow Bridge, etc. using light clients

Over the years, cross-chain communication protocols using light clients & relays have proven to be the most secure cross-chain method. For example, the IBC communication protocol of the Cosmos ecosystem has security from the finality of the Tendermint consensus. Its design does not introduce a trusted third party. The handshake (mimicking the TCP/IP handshake) is first initiated between the two chains that want to be connected, and then confirmed. To confirm the transaction, the validity rules of one chain are directly encoded into the IBC light client on the other chain, and state verification is performed according to these rules.

The light client can then verify the Merkle proof of the block header associated with the transaction against the latest consistent state of the counterparty's chain, thereby verifying the state of the chain on the other end of the ibc transaction.

This state verification technology, along with a real-time network of relay operators passing packets back and forth, ensures that IBC remains highly secure and permissionless.

However, the use of a light client approach means that IBC is currently limited to its own ecosystem and cannot be effectively expanded to EVM ecosystems such as Ethereum.

In addition, cross-chain through IBC is not absolutely safe. As Vitalik mentioned in a post written 2 months ago, the more blockchains the cross-chain protocol connects, the worse the problem will become. If there are 100 blockchains connected to each other through IBC, then there will be many interdependent dapps between these chains, and a 51% attack on one of the chains will also cause systemic infection, thereby threatening the economy of the entire ecosystem.

Let’s review the sentence at the beginning of the article: The security of cross-chain interoperability depends on its weakest (or most trusted) link. This actually means that it is difficult for the Cosmos ecosystem to expand to more long-tail chains without solving shared security, which is also the focus of Cosmos this year.

Of course, Vitalik also mentioned that these problems will not appear immediately. A 51% attack on any PoS chain is very costly, but his reminder is indeed worthy of our attention.

Trust-minimized rollup cross-chain bridge

Let’s briefly talk about the rollup cross-chain bridge that the Ethereum ecosystem currently relies on the most. Compared with the sidechain cross-chain bridge, the current rollup cross-chain bridge may not seem to be fundamentally different. Both rely on the n-of-m federal trust model (that is, multi-signature), but the rollup cross-chain bridge can remove this trust model as it develops. The ultimate risk point lies in the smart contract itself, while the sidechain cross-chain bridge can only rely on this federal trust model, and it also faces smart contract risks and 51% attack risks.

Some simple suggestions

The water of cross-chain is too deep. Almost every solution will face multiple potential attacks. The more complex the system design, the greater the possibility of attack. Therefore, the author does not recommend transferring too many assets between public chains through the existing cross-chain bridge. If there is a real need, I would recommend the following ways to reduce the risk of attack;

1. Exchange the native assets of the corresponding chain through a safer centralized exchange, and then withdraw them to the corresponding chain to avoid possible smart contract risks.

2. Use trust-minimized cross-chain bridges such as IBC, Nomad, and mature rollup cross-chain bridges.

3. Without looking at the TVL indicator for now, the higher this value is, the greater the possibility that the cross-chain bridge will be attacked by hackers.

4. Use cross-chain bridges that have existed for a long time and have never had any security incidents, and try to avoid using cross-chain bridges between different ecosystems.

Finally, I sincerely hope that cross-chain bridges will become more and more secure.