Are we helpless against attacks on blockchain bridges?

Hacks have plagued the decentralized finance (DeFi) space in recent years, prompting critics of blockchain technology to take a closer look at how this technology threatens security. This year started with a $600 million hack on Axie Infinity’s Ronin sidechain, followed by a $325 million attack on Solana’s wormhole, both of which were caused due to AMM (automated market maker) cross-chain bridges that support both protocols. It happened again just a few days ago when hackers stole $100 million from the Harmony protocol’s Horizon cross-chain bridge in a similar attack.

These hacks are sparking conversations about whether there are other types of bridges that can better protect against such vulnerabilities. This piece aims to describe the different types of bridges and explain why peer-to-peer powered bridges are a superior choice to protect end users and allow the DeFi industry to mature.

Know your bridges: AMM versus peer-to-peer

Data from Dune Analytics shows that the total value locked (TVL) of the DeFi bridge away from Ethereum is $11.8 billion, with Polygon, Arbitrum, and Avalanche bridges taking the top three spots. Due to problems surrounding Ethereum, especially its high gas fees, network congestion, scaling problem and power consumption, the discussion around interoperability is increasing. Through this we begin to see the importance of enabling users to send crypto from one blockchain to another without using a centralized entity.

It is crucial that users are aware of the type of bridges they are using and the level of security they bring to the table. Most of the big bridge hacks have been AMM based, including the last three in 2022 – the attacks on Ronin, Wormhole and now Harmony’s Horizon bridge. To dissect what happened, let’s take a closer look at what happened to the first two.

During the attack, the Ronin bridge revealed how it is somewhat centralized, operating on nine validators that require five signatures to confirm deposits and withdrawals. To recognize a deposit or withdrawal, five of the nine validator signatures are required to put control of the bridge in the hands of just five validators.

Hackers gained access to private keys used to validate transactions on the network using AMM-based bridges, therefore enabling a massive hack. Having only nine validators for the Ronin bridge, and four belonging to the same person is worrying. Collecting user funds – over USD 500 million – in one wallet address is the exact definition of centralization, which illustrates why users and Web 3.0 projects need to understand the dangerous nature of AMM bridges.

The wormhole exploit that occurred in February is another example of an AMM bridge hack, which saw the loss of 120,000 wrapped Ether tokens (WETH) worth over $300 million at the price of Ether at the time. Wormhole connected blockchain networks like Avalanche, BNB Smart Chain, Ethereum, Polygon and Solana, and the hack remains one of the biggest in DeFi history.

The attack occurred after a hacker found a vulnerability in Wormhole’s smart contract and minted 120,000 WETH on the Solana blockchain. WETH was transferred to a single pool, which then became robust. A simple change from AMM to peer-to-peer – which does not pool funds – would prevent disasters like this. Why are we putting hundreds of millions of dollars into one exploitable pool?

With the Wormhole, we saw that the WETH tokens on Solana were briefly backed by the Ether security, and a token was used to convert Ethereum to other cryptocurrencies that maintained the same value as the WETH token. This in turn had significant implications for Solana, such as further exploitation, extreme financial losses and investor distrust.

Every time a hack makes headlines, adoption slows and the credibility of the ecosystem weakens. AMMs have eroded trust within the crypto ecosystem, as we have seen with the Wormhole and the Ronin hack. There are better ways to achieve security, and delving into peer-to-peer technology powered by atomic swaps reveals a solution based on protecting individual users’ funds.

P2P bridges: more secure alternatives to AMMs

There are important differences between AMMs and peer-to-peer bridges powered by atomic swaps, which are exchanges of cryptocurrencies between different blockchains. Cross-chain AMM bridges leave too much potential for hacking to occur because people dump millions of dollars into a single liquidity pool, and that pool can be withdrawn or hacked because each smart contract is tied to a small group of validators. To say the least, setting up capital in an AMM liquidity pool is risky.

5YZd092am7 dWN76tTXQnG3j21

P2P-based bridges will provide more secure trading across chains. They use atomic swaps and order books, removing the reliance on complicated smart contracts or centralized liquidity pools. Peer-to-peer technology makes it possible to exchange chain swaps completely trustless and decentralized without intermediaries. Only one transaction enters and exits simultaneously per trade, making it a more secure way to trade in a cross-chain world. Swaps are described as “atomic” because with each order, either the trade is completed and two users exchange funds, or the trade is not completed and original funds are distributed back to the two users. This is made possible by hash-time locked contracts (HTLC). This protocol design prevents millions from being vulnerable to creative hackers.

While most AMM bridges focus on a one-way or two-way bridge connecting Ethereum and another layer-1 blockchain, such as Avalanche, or layer-2 blockchains such as Arbitrum, peer-to-peer powered bridges offer a multi-way bridge with endless possibilities for trading pairs. For example, users can trade an asset from Fantom to Avalanche and any number of combinations, including native trading of UTXO (unspent transaction output) coins such as Bitcoin, Dogecoin and Litecoin.

The way forward

The future of blockchain depends on reliable interoperability. This is why we need DeFi protocols that provide secure bridges from one chain to another. To prevent hacks, we need to move towards peer-to-peer bridges where each market maker uses funds from their own wallets and controls their own private keys. End users should never have to place their financial trust in the safety of a centralized liquidity pool. Likewise, developers should also consider building cross-chain bridges that use P2P technology.

Only when people trust a system will they continue to invest in it.
Despite the rapid growth of cross-chain protocols, we are still in the early stages of development, what many call “the wild west”. More needs to be done to effectively move past the outdated security tactics of the crypto ecosystem and leverage the newer, more secure technologies that are emerging, such as P2P-powered bridges.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *