Last month, Ethereum co-founder Vitalik Buterin aired his concern about the security of cross-chain bridges, most of which have become highly susceptible to attacks in the recent past.
In a Reddit post, Buterin said that while blockchains remain trustworthy even after a 51% hack, cross-chain bridges provide the hackers with the opportunity to move the stolen funds to other chains through the wrapping of tokens and locking of funds on another chain through cross-chains is trustless and centralized.
Centralization and wrapped tokens put the assets of the users at risk.
The Portal DEX
Portal is a true cross-chain DEX built on Bitcoin and it believes in a future of multi-chain without wrapped tokens or use of third-party custody in moving coins from one chain to another to ensure the safety of the user’s assets. The assets of each party are only locked during the trade execution but not replicated or re-bonded onto another chain.
According to Portal’s executive chairman Chandra Duggirala:
“Bridges are hard to reason about and secure. Wrapping assets on other chains basically inherits the guarantees of an IOU. When hundreds of Millions and Billions of dollars are being secured by poorly engineered systems and custodians with untested security practices, it becomes hard to secure user funds. Especially given the balance of incentives, with hackers and attackers basically having to get out of jail free cards due to the “code is law” nature of public blockchains, security is especially important. We like simplicity, and trusting proven, lasting contract types and transaction models that Bitcoin has versus all sorts of experimental approaches to real user money.”
Recent cross-chain attacks
MultiChain, pNetwork, THORChain, and Poly Network are some of the popular cross-chain protocols that were hacked in 2021. Poly Network, for example, suffered the largest DeFi hack ever worth $600M although the funds were later recovered.
This year, just a couple of days ago, Wormhole an Ethereum based cross-chain bridge built on Solana suffered an attack that resulted in the loss of 120,000 ETH equivalent to $321 million. In this hack, for example, the cross-chain failed to authenticate all the ‘guardian’ accounts thus providing an opportunity for the hackers to spoof guardian signatures and mint 120,000 ETH from nowhere.
Cross-chain solutions present two main security risks. First, they provide hackers with several attacking fronts since several chains are linked. Second, most cross-chain bridges are too centralized since they use a variety of centralized third parties that are in most cases trustless to facilitate asset transfers.
Crypto security engineering firm Staghead Crypto head Neil Player said:
“Cross chain bridges present a unique set of security risks and these types of exploits are not a surprise. It is a reminder how bleeding edge a lot of the applications that run on top of blockchains are. Exploits such as what occurred on Wormhole are expected to cause growing pains as the technology and techniques associated with bridging assets matures.”
For this reason, Portal uses peer-to-peer atomic swaps to provide true decentralization that enables users to trade native layer-1 assets across multiple blockchains without risking the safety of the assets or experiencing delays or blocked funds.
When using swaps, either each of the parties receives the exchanged assets, or the transaction is rolled back and each party retains their original assets in case of a failed transaction. It does not provide any room for hackers to exploit at any stage of the transaction.