Why crypto bridges are being hacked
Good morning, and welcome to Protocol Fintech. This Monday: why cryptocurrencies are vulnerable, Polygon’s plan of attack and Putin’s new ban on paying with digital assets.
Out of the chain
A key player behind the scenes of this newsletter since shortly after we went daily has been Lindsey Choo, who is leaving us to attend Columbia Journalism School. From the start, Lindsey has been an important contributor, especially in helping to increase our coverage of international fintech regulation. In this issue, she shares some of the favorite quotes she picked for Overheard. I have a feeling this will not be the last time we see Lindsey shape the conversation.
– Owen Thomas
A bridge too far?
One of the challenges for the crypto industry is how many blockchains there are and how complex it is to move between them. This has led to the growth of bridges that let people send tokens across chains. But these bridge tools have been attacked by hackers, which has led to big losses. Some of the largest DeFi hacks to date have involved bridges.
The future is multichain. This means that bridges will only become more important.
- Bitcoin is singular: it has one token held on a blockchain. However, many of the blockchains that followed are designed to support multiple tokens, and many cryptocurrencies aim to run on more than one blockchain. USDC trades on eight blockchains, while chains such as Solana and Ethereum are designed with support for multiple currencies in mind.
- Many in the industry believe it is inevitable that there will be more blockchains evolving, each emphasizing different strengths such as gaming, commerce, NFT, mobile or payment.
- But a lot is at stake. If the crypto disappears on one side of a bridge due to a hack, it can destabilize the system. When the Wormhole bridge was hacked, the parent company, Jump Trading, replaced the stolen ether to keep things running.
Attacks on bridges look like other crypto hacks. Hackers exploit code errors or, more frighteningly, the basic design of a network.
- In the Wormhole incident, hackers exploited a security problem in smart contract code to get away with $325 million.
- The recent $100 million hack of Harmony’s Horizon Bridge was apparently the result of social engineering to obtain the electronic signatures necessary to authorize a transaction.
- In the case of Axie Infinity, social engineering played a role, but hackers also exploited a weakness in the system of validator nodes. Four of the five validators needed to approve a transaction were controlled by Axie creator Sky Mavis, giving hackers an opening to take control.
Even if consumers can get past the trust issues created by the hacks, there are other obstacles. Crossing chains is still a user-interface nightmare, requiring multiple wallets and some technical sophistication.
- This may be the ultimate challenge for bridges, even if security is eventually resolved. Until it becomes easier to bridge between chains, widespread crypto adoption will be held back.
- Some Web3 companies are working on ways to make bridging easier. Transak aims to make it seamless for users who hold, for example, ether to play a game on the Solana blockchain.
Bridge design involves trade-offs between speed, cost and security. Safer bridges can be slow to complete a transaction. In the long run, however, this will mostly be a headache for developers. The ultimate crypto bridge may be one that consumers do not even know they have crossed.
– Tomio Geron
A version of this story first appeared on Protocol.com.
On the money
On Protocol: Congressmen want the EPA to do something about the crypto-mining industry’s “disturbing” carbon footprint. They request that the EPA and DOE use the Clean Air Act to require disclosure from mining companies about their energy consumption and carbon emissions as a first step.
Ethereum’s official switch to proof-of-stake is expected to take place in September. The Merge, Ethereum’s long-awaited transition from a proof-of-work consensus mechanism to the more energy-efficient proof-of-stake mechanism, is now scheduled for September, with one more test network left.
Also on Protocol: Polygon business leader Antoni Martin believes that crypto winter is the time to “distinguish between speculation and construction.” He spoke with Protocol about what Polygon can be used for, how cryptocurrency has weakened consumer confidence and how he is helping to shape the EU’s crypto regulation.
Russia bans cryptocurrencies. Russian President Vladimir Putin on Friday approved a law banning the use of digital assets as a form of payment in Russia. The law will also require crypto exchanges and providers to refuse transactions where digital assets can be seen as a form of payment.
A Fed survey shows that 56% of senior bank officials believe that crypto is not a priority. Over 56% of senior finance officers from 80 banks believe that blockchain technology and crypto are a “low priority” for growth and development in their companies, according to the latest Senior Financial Officer Survey results from the Federal Reserve.
Overheard, Lindsey Choo Edition
Today we have a special edition of special editions – a summary of my previous favorites that will make you remember when …
… Ethereum co-founder Vitalik Buterin was on the cover of Time magazine, and everyone had something to say about it. People took to Twitter to roast the cover and ask “Why […] the richest have the least drip.” The cover is available for purchase and trade as an NFT now.
… FTX CEO Sam Bankman-Fried faced questions at a CFTC roundtable discussion on the company’s derivatives trading proposal. Sean Downey, clearing chief compliance officer and head of policy at CME Group, paraphrased Taylor Swift accidentally (or intentionally?) when referring to cryptocurrency. “We’ve seen that movie before, and in fact we saw it quite recently,” he said of the proposal.
… Elon Musk tried to convince us that he does not understand how influential his “personal support” for dogecoin is, and claimed that he “Never said people should invest in crypto.” But as longtime crypto skeptic Bill Gates said, “If you have less money than Elon, you should probably take care of yourself.”
– Lindsey Choo
Coming up
A hearing in the US House on SEC enforcement is set for Tuesday. The US House Committee on Financial Services will hold a hearing entitled “Overview of the SEC’s Division of Enforcement,” which will include the newly renamed Crypto Assets and Cyber Unit.
Truist Financial and Citizens Financial have earnings calls on Tuesday. TFC’s average estimated EPS is $1.17, down 5% from the previous quarter. CFG’s average estimated EPS is $1.02, down 5% from the previous quarter.
FinTech Festival India 2022 starts on Wednesday. The three-day conference will be held in New Delhi, with speakers from the Blockchain Founders Fund, CoinDCX, Ripple, Revolut and others.
Capital One and Blackstone’s earnings are on Thursday. COF’s average estimated EPS is $5.10, down 9% from the previous quarter. BX’s average estimated EPS is $1.47, down 5% from the previous quarter.
Thanks for reading – see you tomorrow!