Ко-основач на Ethereum Виталик Бутерин sounded alarm last month over the security of cross-chain bridges, most of which are highly vulnerable in the event of 51% attacks.
Buterin said in a Reddit post that, while blockchains “maintain many of their guarantees even after a 51% attack,” cross-chain bridges open the possibility for the attacker to steal funds by moving tokens onto another chain.
The wrapping and locking of funds onto other chains by these so-called “cross-chain” protocols are neither trustless nor decentralized. That’s why Портал, a true cross-chain DEX built on Bitcoin, believes in a multi-chain future without wrapped tokens or third-party custody to ensure the safety of users’ assets. Each party’s funds are locked only during trade execution and not re-bonded or replicated onto other chains for eternity.
Портал’s executive chairman Chandra Duggirala said, “Мостовите тешко се расудуваат и се обезбедуваат. Завиткување средства на други синџири во основа ги наследува гаранциите на IOU. Кога стотици милиони и милијарди долари се обезбедени со слабо конструирани системи и чувари со непроверени безбедносни практики, станува тешко да се обезбедат кориснички средства. Особено со оглед на рамнотежата на стимулации, при што хакерите и напаѓачите во основа мораат да излезат од картички без затвор поради природата на „кодот е закон“ на јавните блокчејн, безбедноста е особено важна. Ја сакаме едноставноста и веруваме на докажани, трајни типови договори и модели на трансакции што ги има Биткоин наспроти сите видови експериментални пристапи за вистински кориснички пари."
MultiChain, THORChain, pNetwork, Poly Network are just some of the cross-chain protocols that suffered security breaches in 2021. Poly Network suffered the biggest DeFi hack ever worth $600 million, though the funds were eventually returned.
More recently, Wormhole lost 120,000 Ether (ETH) worth over $321 million in one of crypto’s largest hacks of all time. The cross-chain protocol failed to validate all “guardian” accounts, which enabled the assailant to spoof guardian signatures and mint 120,000 ETH out of thin air. Jump Crypto, which owns Certus One that developed Wormhole, has replenished Wormhole’s reserves.
Neil Player, Head of Staghead Crypto, a crypto security engineering firm, said „Мостовите со вкрстени синџири претставуваат уникатен сет на безбедносни ризици и овие видови на експлоатации не се изненадување. Тоа е потсетник колку крвавечки се многу апликации што работат на врвот на блокчејновите. Искористувањата како она што се случи на Wormhole се очекува да предизвикаат растечки болки како што созреваат технологијата и техниките поврзани со премостување на средствата“.
There are two key risks with cross-chain solutions. First, they increase the number of attack vectors for the assets across a wider network surface area. Second, most cross-chain bridges facilitate asset transfers through a variety of centralized federations and external validators that may no longer remain decentralized and trustless. In short, they are too centralized.
Johnny Dilley, the inventor of Liquid Federation (Blockstream) noted, “Custody is hard — explaining to people in DeFi why their assets are often in the custody of others is even harder! Thefts from platforms like Moonbeam underscore the difficulty associated with properly safe & secure means of transfer between chain environments — without an attitude of constant vigilance (like those used by systems with dedicated hardware security, or strict key-ownership-is-ownership policies), users without the capacity to evaluate the trustability of the systems they use will continue to be robbed blind. The industry needs a smarter, permanent answer for cross-chain asset movement, and Portal represents the best step forward on that path. "
The peer-to-peer atomic swaps underpinning Portal provide true decentralization, enabling users to trade native Layer-1 assets across different blockchains without delays, blocked funds, or exploits. There is no central server or host, making Portal highly resistant to attacks.
In atomic swaps, either the entire transaction occurs completely and both parties receive the exchanged assets, or the transaction rolls back and both parties retain ownership of their existing assets. There’s no room for either party to exploit any stage of the transaction.
Одрекување: Овој напис е даден само за информативни цели. Не е понуден или наменет да се користи како правен, даночен, инвестициски, финансиски или друг совет.
Source: https://cryptodaily.co.uk/2022/02/the-curse-of-cross-chain-bridges-and-wrapped-tokens-put-users-at-risk