Interview with Analog’s chief architect Victor Young
More than $1.9 billion in cryptocurrency has been lost to hacks and exploits this year alone, and we still have one quarter to go. Hackers are constantly exploiting security vulnerabilities across third-party wallets, hot wallets, exchanges and cross-chain bridges, among others.
In the first six months of 2022, hackers targeted platforms such as Crypto.com, Qubit Finance’s QBridge, Solana-Ethereum bridge Wormhole, IRA Financial Trust, Cashio, Axie Infinity’s Ronin Bridge, Beanstalk, Fei Protocol, Harmony Bridge, Nomad Bridge, and Solana’s Slope wallet, among others.
What is happening and why are hackers targeting the crypto ecosystem? We sat down with Victor Young, founder and chief architect of Analog, a layer-0 blockchain, to get his perspective on the growing challenge of crypto hacks, why they happen, and what can be done to make blockchains and exchanges safer.
Over the past few months, we have heard of many “crypto hacks”. Can you explain what it means when there is a hack – what is being hacked, what is being stolen?
Victor: Blockchain technologies are designed to be tamper-proof, immutable and democratic structures, with no single point of failure when it comes to recording transactions. The technology addresses security issues through cryptographic primitives and decentralized consensus algorithms.
However, like all technologies out there, blockchain is not immune to hacks. For example, an attacker can take over the blockchain ecosystem by controlling most of the hash rate (blockchain’s computational power) in proof-of-work (PoW)-based networks such as Bitcoin and Ethereum in a so-called 51% attack or a double-use attack (a strategy of transferring the coins to anonymous addresses using the same transaction more than once).
Besides 51% attacks and wallet hacks, we are also witnessing a sharp increase in attacks targeting bridging chains, which has a lot to do with the growing use of decentralized finance (DeFi). Although these bridges allow users to transfer assets between heterogeneous chains, their centralized nature means they have a single point of failure with weak trust assumptions.
The last hack involved a “cross-chain bridge” – can you explain what this bridge is and why it is so vulnerable to exploits?
Victor: A cross-chain bridge is an interoperability protocol that enables different heterogeneous chains to communicate with each other. Cross-chain bridges can connect separate chains, allowing users to transfer assets, non-fungible tokens (NFTs), and arbitrary smart contract information across heterogeneous platforms.
Despite the new possibilities opened up by bridging chains, the design itself leaves room for vulnerabilities that hackers can exploit at the expense of users. For example, most current bridge architectures rely on trusted managers to manage the process of locking/burning or unlocking/executing tokens.
Existing trust architectures cannot safeguard users’ funds, especially when large amounts of assets are involved. It is too easy for an attacker or even malicious insiders to breach the permissioned network, take over the bridge and steal users’ funds without deposit. Custodians can also lose their private keys, making cryptos unrecoverable.
In addition, the underlying smart contract may have errors. In this regard, cross-chain bridges using poorly written smart contracts are vulnerable to malicious attacks, posing an even greater risk to users.
Why are there so many hacks in the blockchain universe? (Or you could say here that there aren’t that many compared to “traditional” technology.)
Victor: I am not surprised that there are so many hacks in the blockchain space. Blockchain ecosystems are particularly attractive to hackers because they store value, and where there is money, there is always crime. Cryptohacking is a rapidly growing business due to the rise of the cryptocurrency economy and DeFi. Coupled with a sharp increase in the prices of cryptocurrencies, such as BTC and ETH, the blockchain space offers criminals lucrative opportunities.
However, the increase in cybercrime does not only apply to blockchain ecosystems. Frankly, the current digital environment is also tough and challenging for businesses operating in the web2 space. Recently, we have seen a sharp increase in cyber attacks targeting traditional companies such as Microsoft, Facebook, Yahoo and Twitter, just to name a few.
Is there something inherently wrong with blockchain technology that makes it more vulnerable? Is it the case that the technology is not mature enough, or is it the case that blockchain companies are rushing to release products and services before they are completely secure?
Victor: You are correct in pointing out that current blockchain implementations are flawed. It has been over a decade since the economic collapse of 2008/2009 that ushered in blockchain technology. Yet we have learned nothing from relying on a few centralized actors, such as banks.
Current blockchains – either PoW or proof-of-stake (PoS)-based – are not fully decentralized due to high barriers to entry. For example, in a PoW-enabled blockchain, the entry barrier is the computational power/hash rate. At the same time, in a PoS-based network, you have to stake a large sum of tokens in order to participate in the consensus process.
As it stands, each blockchain exists as an isolated island, preventing users and decentralized application (dApp) developers from unlocking value. While many cross-chain bridges exist, their underlying design and architecture have weak decentralization and trust assumptions.
Now I know this would be a very big question, but – what can be done?
Victor: The increased number of cryptohacks in the blockchain space is a testament to the popularity of web3 markets and the interest levels of many stakeholders who have noticed the sector. We need to learn from the hacks and build robust protocols that can withstand any hack.
How does your company, Analog, aim to make blockchain technology more secure?
Victor: At Analog, we believe complete decentralization and security are the keys to solving today’s challenges that the sector finds itself in. Analog is an omnichain interoperability network powered by a new proof-of-time (PoT) consensus. Unlike PoW (proof of work) or PoS (proof of stake) protocols with high entry barriers for validators, PoT is completely trustless and any validator can propose or confirm a block provided they have accumulated a ranking score.
Using ranking scores as a parameter creates an open network where anyone can join and participate in consensus without being limited by computational resources or weighted stakes.
At a high level, the Analog network consists of a decentralized set of tesseracts and time nodes. Tesseracts act as decentralized “listeners” or “observers” on external chains and can reach consensus on relevant states and events on the connected blockchains through Threshold Signature Schemes (TSS).
On the other hand, time nodes act as decentralized nodes that validate the fetched event data on Analog’s ledger i.e. Timechain. In this regard, the network’s primary goal is to achieve the above two functions without a single point of failure, i.e. in a trustless and permissionless manner.