Cross-chain bridges—applications allowing the exchange of value across parallel blockchains—present a challenge for blockchains since they need to be able to trust and validate external information. Chainalysis data has revealed that bridge hacks account for a staggering 69% of the total funds stolen in the DeFi space in the past two years, heightening the need for robust cross-chain security.
To tackle this issue, Coinchange, together with LI.FI and Hacken jointly produced a report on “Crosschain Interoperability and Security.” The comprehensive research highlights the importance of interoperability in the blockchain ecosystem, identifies challenges, and offers expert solutions. Here, we present a snapshot of the main findings.
See the full Crosschain Interoperability and Security report.
Blockchain interoperability has become essential in the ecosystem as more blockchains are developed with varying designs, coding languages, and consensus mechanisms. Without it, the exchange of value between different blockchains is complex, and the liquidity of assets is fragmented. Interoperability is crucial in realizing the full potential of blockchain technology, as it allows for the seamless movement of data and assets between blockchains, increasing interconnectedness and enhancing the liquidity of assets.
Cross-chain interoperability refers to the ability of different blockchains to communicate and exchange value with one another. It involves building bridges between different blockchains to allow for the seamless movement of assets and data between them. These bridges act as rules-based protocols, fundamental for scaling solutions, and use messaging infrastructures to ensure secure communication between different blockchains.
There are several approaches to making blockchains interoperable:
In the context of blockchain technology, a bridge is an application built on top of a messaging protocol that facilitates interoperability between different blockchains. It is an interface that connects two or more blockchain networks, allowing the transfer of assets and data between them.
There are different types of bridges. And here’s a suggested structure for bridge categorization:
Messaging infrastructure in bridges. At every bridge’s core is a messaging infrastructure that sends data across chains, facilitating various transfers (e.g., LayerZero, Axelar, Wormhole, CCIP).
Types of bridges. Bridges can be classified into various types based on their applications or utility, such as token bridges, NFT bridges, governance bridges, lending bridges, and ENS bridges. They can also be categorized based on how cross-chain messages are validated, which can be done in a decentralized, centralized, or hybrid way.
Bridge aggregators. Bridge aggregators are platforms that combine multiple bridges to provide users with the most efficient option for cross-chain asset transfers and exchanges, considering factors like cost, speed, slippage, and security. Bridge aggregators work similarly to Decentralized Exchange (DEX) aggregators.
The increasing use of decentralized finance (DeFi) and the growing popularity of Ethereum’s Layer-2 ecosystem are making bridge hacks more frequent. These bridges connect different blockchains and Layer-2 solutions, each having different technologies, and connect many blockchains simultaneously, exposing them to more attack vectors. Furthermore, with the increasing use of DeFi, bridges are moving larger amounts of value, making them more attractive to hackers. Bridge security has three pillars: economic security, implementation security, and environmental security.
Economic Security depends on the cost to gain control over the majority of validators, with the most common way to compromise economic security being to steal the private keys of validators. Natively verified bridges offer the best economic security, while externally verified bridges offer the lowest.
Implementation Security concerns the system’s complexity and the risk vectors that can compromise bridge security. Smart contract vulnerabilities and the compromise of RPC endpoints are the most common ways to compromise implementation security. Bridges need to be audited by multiple third parties to minimize the risk of security breaches.
Environmental Security involves the integrity of the environment in which the bridge operates, such as the security of the nodes on which the bridge runs. Bridges need bug bounty programs to minimize the risk of security breaches. The security of the bridge’s nodes is crucial for environmental security. Multiple third-party audits are also necessary for environmental security.
The Cross-Chain Interoperability Report analyzes the top 5 most expensive bridge exploits and answers two critical questions for each exploit: why it happened and at which security pillar.
While it’s better to be proactive than reactive, the experts believe in a complex approach to mitigating bridge risks, including adopting measures for threat mitigation, threat response, and risk assessment.
Threat mitigation measures. The report recommends the following actions:
Threat response plan. A good threat response plan should include a faster response time once the attack has begun. It should comprise challenge windows of sufficient duration for the team to take the necessary action. Risk identification with continuous monitoring systems like Extractor is also helpful for hack awareness.
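The challenge window and monitoring described above, modelled in Python as an added example (not code from the report or from any bridge). The class `OptimisticBridge`, the 30-minute window and the outflow threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

CHALLENGE_WINDOW = 30 * 60   # seconds; assumed value, not taken from the report
OUTFLOW_ALERT = 1_000_000    # assumed queued value that triggers an automatic pause


@dataclass
class Transfer:
    amount: int
    submitted_at: int
    challenged: bool = False
    executed: bool = False


@dataclass
class OptimisticBridge:
    """Hypothetical model: a relayed message is released only after the window."""
    pending: dict = field(default_factory=dict)
    paused: bool = False

    def submit(self, msg_id, amount, now):
        if msg_id in self.pending:
            raise ValueError("duplicate message id (replay)")
        self.pending[msg_id] = Transfer(amount, now)
        # Monitoring: value still waiting inside an open challenge window.
        queued = sum(t.amount for t in self.pending.values()
                     if not t.executed and not t.challenged
                     and now - t.submitted_at < CHALLENGE_WINDOW)
        if queued > OUTFLOW_ALERT:
            self.paused = True   # responders get time to act before release
        return queued

    def challenge(self, msg_id, now):
        t = self.pending[msg_id]
        if t.executed or now - t.submitted_at >= CHALLENGE_WINDOW:
            return False         # too late: window closed or funds released
        t.challenged = True
        return True

    def execute(self, msg_id, now):
        t = self.pending[msg_id]
        if self.paused or t.challenged or t.executed:
            return False
        if now - t.submitted_at < CHALLENGE_WINDOW:
            return False         # still inside the challenge window
        t.executed = True
        return True
```

A window that is too short shows up here as `challenge` returning `False`: once the window has elapsed, a fraudulent message can no longer be stopped.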
Risk assessment framework for bridge security. Experts believe hacks can still occur, so having a threat response plan is instrumental. The report also recommends having a standardized Risk Assessment Framework to help users select the appropriate bridge for their transaction size and security needs. The report reviews three variants and settles on the Coinchange Bridge Risk Assessment Framework, which is the fourth of the DeFi Risk Assessment Frameworks that Coinchange has created to assess DEXes, Money Market protocols, Blockchains and Bridge risks. This framework comprises two parts: Data Gathering with 25 questions and 10 questions exclusively shared for the Risk Scoring of Operational Risk, Governance Risk, Smart Contract Risk, and Liquidity Risk.
Cross-chain interoperability is crucial for the blockchain ecosystem. It allows for the seamless movement of assets and data between different blockchains, enhancing interconnectedness and increasing the liquidity of assets. Several approaches, such as interoperability protocols, sidechains, atomic swaps, and cross-chain bridges, achieve interoperability between blockchains.
Over the past two years, 70% of the value lost in DeFi was stolen in bridges. The industry needs a better solution for understanding and mitigating the risks.
The future of bridge security and cross-chain interoperability is yet to be determined. However, the effort to get to more secure interoperability is ongoing, and it’s collaborative. Coinchange has gathered prominent interoperability, enterprise, and security players to build the most secure version of the interoperability space.