NEW YORK: There’s a gaping hole in the crypto industry’s security architecture, and even the wealthiest players haven’t figured out how to fill it.
The weakness in question is what is known in industry parlance as cross-chain bridges – software that allows crypto tokens to move between different blockchains.
Last Thursday, a hacker grabbed around US$100 million (RM467 million) through a bridge used by Binance Holdings Ltd, the largest crypto exchange.
“What is worrying about this is that Binance is not a jerk, it has capital, resources and is able to hire the best,” said Paddy Cerri, chief architect of the blockchain startup Minimum.
“If he can’t do it, who exactly can build a secure bridge?”
A total of two million Binance coins – equivalent to nearly US$570 million (RM2.6 billion) – were actually minted and taken by the hacker. Binance said in a statement that the incident was isolated from BNB Chain, over which it has no control.
About $100 million of the stolen funds have not been recovered, while the rest have been frozen, the statement said. No user funds were lost, Binance added.
The inability to secure the bridges – Chainalysis estimates that US$2 billion (RM9.3 billion) of tokens have been looted in 13 separate attacks, the majority of which were stolen this year – presents a fundamental dilemma, as without these platforms, the main blockchains from Ethereum to Solana remain largely separated from each other.
The vision behind web3, touted by proponents as the next iteration of the internet, relies in part on tokens flowing freely between various ecosystems.
Underscoring the demand for the technology, protocols built around cross-chain bridges and interoperability have raised approximately US$347 million (RM1.6 billion) across 30 transactions since 2021, according to Kunal Goel, a research analyst at Messari. LayerZero closed the largest deal with US$135 million (RM626 million), but most of the deals were seed rounds, Goel said.
But even well-funded bridges built specifically to be “safety first” have not been spared.
In August, one such bridge called Nomad — which uses a transaction verification method it claims is more secure than those used by other cross-chain platforms — was hit by a US$200 million (RM927 million) hack.
One of the main challenges in building secure bridges is their complexity, which provides hackers with many potential entry points.
And there are few qualified experts who can build and secure them, according to security analysts and blockchain developers.
Bridge developers not only need to know in depth how the software works, but also how the various blockchains it connects to work. Finding someone with this know-how isn’t easy, analysts and programmers say.
“I studied distributed computing and consensus and yet I have to say I don’t understand bridges well,” said Paul Frambot, chief executive of crypto startup Morpho Labs, which has developed a new protocol. —Bloomberg