{"id":454457,"date":"2022-05-29T05:17:00","date_gmt":"2022-05-29T02:17:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/is-there-a-secure-future-for-cross-chain-bridges\/"},"modified":"2022-05-29T05:17:00","modified_gmt":"2022-05-29T02:17:00","slug":"is-there-a-secure-future-for-cross-chain-bridges","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/is-there-a-secure-future-for-cross-chain-bridges\/","title":{"rendered":"# Is there a secure future for cross-chain bridges?"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a28a89068b96\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a28a89068b96\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/is-there-a-secure-future-for-cross-chain-bridges\/#%E2%80%9D_Is_there_a_secure_future_for_cross-chain_bridges_%E2%80%9C\" >&#8221; Is there a secure future for cross-chain bridges? &#8220;<\/a><ul class='ez-toc-list-level-2' ><li class='ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/is-there-a-secure-future-for-cross-chain-bridges\/#When_contracts_get_too_smart\" >When contracts get too smart<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/is-there-a-secure-future-for-cross-chain-bridges\/#A_steep_learning_curve_to_master\" >A steep learning curve to master<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Is_there_a_secure_future_for_cross-chain_bridges_%E2%80%9C\"><\/span>&#8221; Is there a secure future for cross-chain bridges? &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div class=\"post-content\" data-v-2a0745c6>The plane touches down and comes to a halt. Heading to passport control, one of the passengers stops at a vending machine to buy a bottle of soda \u2014 but the device is absolutely indifferent to all of their credit cards, cash, coins and everything else. All of that is part of a foreign economy as far as the machine is concerned, and as such, they can\u2019t buy even a droplet of Coke.<\/p>\n<p>In the real world, the machine would have been quite h<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>y with a Mastercard or a Visa. And the cash exchange desk at the airport would have been just as happy to come to the rescue (with a hefty markup, of course). In the blockchain world, though, the above scenario hits the spot with some commentators, as long as we swap <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/trip-and-travel\/\" data-internallinksmanager029f6b8e52c=\"10\" title=\"Trip &amp; Travel\" target=\"_blank\" rel=\"noopener\">travel<\/a>ing abroad for moving assets from one chain to another.<\/p>\n<p>While blockchains as decentralized ledgers are pretty good at tracking transfers of value, each layer-1 network is an entity in itself, unaware of any non-intrinsic events. Since such chains are, by extension, separate entities vis-\u00e0-vis one another, they aren\u2019t inherently interoperable. This means you cannot use your Bitcoin (BTC) to access a decentralized finance (DeFi) protocol from the Ethereum ecosystem unless the two blockchains can communicate.<\/p>\n<p>Powering this communication is a so-called bridge \u2014 a protocol enabling users to transfer their tokens from one network to another. Bridges can be centralized \u2014 i.e., operated by a single entity, like the Binance Bridge \u2014 or built to varying degrees of decentralization. Either way, their core task is to enable the user to move their assets between different chains, which means more utility and, thus, value.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2022-05\/1fa652cb-a57c-4371-bd0a-ff0ad14409ba.png\"><\/figure>\n<p>As handy as the concept sounds, it is not the most popular one with many in the community right now. On one hand, Vitalik Buterin recently voiced skepticism about the concept, warning that cross-chain bridges can enable cross-chain 51% attacks. On the other hand, spoofing-based cyberattacks on cross-chain bridges exploiting their smart contract code vulnerabilities, as was the case with Wormhole and Qubit, prompted critics to ponder whether cross-chain bridges can be anything other than a security liability in purely technological terms. So, is it time to give up on the idea of an internet of blockchains held together by bridges? Not necessarily.<\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>Crypto, like railways, is among the world\u2019s top innovations of the millennium<\/em><\/strong><\/p>\n<h2><span class=\"ez-toc-section\" id=\"When_contracts_get_too_smart\"><\/span>When contracts get too smart<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>While details depend on the specific project, a cross-chain bridge linking two chains with smart contract support normally functions like this. A user sends their tokens (let\u2019s call them Catcoins, felines are cool, too) on Chain 1 to the bridge\u2019s wallet or smart contract there. This smart contract has to pass the data to the bridge\u2019s smart contract on Chain 2, but since it\u2019s incapable of reaching out to it directly, a third-party entity \u2014 either a centralized or a (to a certain extent) decentralized inter<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">media<\/a>ry \u2014 has to carry the message across. Chain 2\u2019s contract then mints synthetic tokens to the user-provided wallet. There we go \u2014 the user now has their wrapped Catcoins on Chain 2. It\u2019s a lot like swapping fiat for chips at a casino.<\/p>\n<p>To get their Catcoins back on Chain 1, the user would first have to send the synthetic tokens to the bridge\u2019s contract or wallet on Chain 2. Then, a similar process plays out, as the intermediary pings the bridge\u2019s contract on Chain 1 to release the appropriate amount of Catcoins to a given target wallet. On Chain 2, depending on the bridge\u2019s exact design and business model, the synthetic tokens that a user turns in are either burned or held in custody.<\/p>\n<p>Bear in mind that each step of the process is actually broken down into a linear sequence of smaller actions, even the initial transfer is made in steps. The network must first check if the user indeed has enough Catcoins, subtract them from their wallet, then add the appropriate amount to that of the smart contract. These steps make up the overall logic that handles the value being moved between chains.<\/p>\n<p>In the case of both Wormhole and Qubit bridges, the attackers were able to exploit flaws in the smart contract logic to feed the bridges spoofed data. The idea was to get the synthetic tokens on Chain 2 without actually depositing anything onto the bridge on Chain 1. And truthfully, both hacks come down to what happens in most attacks on DeFi services: exploiting or manipulating the logic powering a specific process for financial gain. A cross-chain bridge links two layer-1 networks, but things play out in a similar way between layer-2 protocols, too.<\/p>\n<p>As an example, when you stake a non-native token into a yield farm, the process involves an interaction between two smart contracts \u2014 the ones powering the token and the farm. If any underlying sequences have a logical flaw a hacker can exploit, the criminal will do so, and that\u2019s exactly how GrimFinance lost some $30 million in December. So, if we are ready to bid farewell to cross-chain bridges due to several flawed implementations, we might as well silo smart contracts, bringing crypto back to its own stone age.<\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>DeFi attacks are on the rise \u2014 Will the industry be able to stem the tide?<\/em><\/strong><\/p>\n<h2><span class=\"ez-toc-section\" id=\"A_steep_learning_curve_to_master\"><\/span>A steep learning curve to master<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>There is a bigger point to be made here: Don\u2019t blame a concept for a flawed implementation. Hackers always follow the money, and the more people use cross-chain bridges, the bigger is their incentive to attack such protocols. The same logic applies to anything that holds value and is connected to the internet. Banks get hacked, too, and yet, we\u2019re in no rush to shutter all of them because they are a crucial piece of the larger economy. In the decentralized space, cross-chain bridges have a major role, too, so it would make sense to hold back our fury.<\/p>\n<p>Blockchain is still a relatively new <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a>, and the community around it, as vast and bright as it is, is only figuring out the best security practices. This is even more true for cross-chain bridges, which work to connect protocols with different underlying rules. Right now, they are a nascent solution opening the door to move value and data across networks that make up something bigger than the sum of its components. There is a learning curve, and it\u2019s worth mastering.<\/p>\n<p>While Buterin\u2019s argument, for its part, goes beyond implementation, it\u2019s still not without caveats. Yes, a malicious actor in control of 51% of a small blockchain\u2019s hash rate or staked tokens could try to steal Ether (ETH) locked on the bridge on the other end. The attack\u2019s volume would hardly go beyond the blockchain\u2019s market capitalization, as that\u2019s the maximum hypothetical limit on how much the attacker can deposit into the bridge. Smaller chains have smaller market caps, so the resulting damage to Ethereum would be minimal, and the return on investment for the attacker would be questionable.<\/p>\n<p>While most of today\u2019s cross-chain bridges are not without their flaws, it is too early to dismiss their underlying concept. Besides regular tokens, such bridges can also move other assets, from nonfungible tokens to zero-knowledge identification proofs, making them immensely valuable for the entire blockchain ecosystem. A technology that adds value to every project by bringing it to more audiences should not be seen in purely zero-sum terms, and its promise of connectivity is worth taking risks.<\/p>\n<p class=\"post-content__disclaimer\"><em>This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.<\/em><\/p>\n<p class=\"post-content__disclaimer\"><em>The views, thoughts and opinions expressed here are the author\u2019s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.<\/em><\/p>\n<div>\n<div style=\"background: rgb(239, 239, 239); border: 1px solid rgb(204, 204, 204); padding: 10px;\"><strong>Lior Lamesh<\/strong> is the co-founder and CEO of GK8, a blockchain cybersecurity company that offers a custodial solution for financial institutions. Having honed his cyber skills in Israel\u2019s elite cyber team reporting directly to the Prime Minister\u2019s Office, Lior led the company from its inception to a successful acquisition for $115 million in November 2021. In 2022, Forbes put Lior and his business partner Shahar Shamai on its 30 Under 30 list.<\/div>\n<\/div>\n<p><template data-name=\"subscription_form\" data-type=\"crypto_biz\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/is-there-a-secure-future-for-cross-chain-bridges\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Is there a secure future for cross-chain bridges? &#8220; The plane touches down and comes to a halt. Heading to passport control, one of the passengers stops at a vending machine to buy a bottle of soda \u2014 but the device is absolutely indifferent to all of their credit cards, cash, coins and everything&#8230;<\/p>\n","protected":false},"author":1,"featured_media":454458,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDUvZmZiMzFmNmUtYzI1NS00Yzc3LTgxMjgtYTZiMTk4NTRhMTQxLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74867,74894,112348,74983,74868,74882,4965],"class_list":["post-454457","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-altcoin","tag-blockchain","tag-chain","tag-decentralization","tag-defi","tag-hacks","tag-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/454457","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=454457"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/454457\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/454458"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=454457"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=454457"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=454457"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}