The $100M Hack and Crypto’s Cross-Chain Problem

Crypto has a cross-chain payments problem — and it needs to solve it, fast.

That was made clear on June 23, when yet another so-called bridge protocol was hacked, with users out $100 million.

That adds to a tally of more than $1 billion in stolen funds in 2022 alone. But given that $612 million was taken (and then returned) in just one bridge hack in 2021, the most recent theft wasn’t even close to a record loss.

In this most recent case, the target was Horizon, a bridge that allows crypto holders to make payments between the Harmony blockchain and either Ethereum or Binance Smart Chain by depositing their ETH or BNB in the bridge protocol and withdrawing “wrapped” ONE tokens native to Harmony. A Bitcoin-Harmony bridge was unaffected.

Ether and BNB tokens deposited in Horizon are returned when the wrapped ONE tokens are deposited back into the bridge.

As usual, the bridge has been shut down — stranding depositors’ funds — while the developers race to close the hole and work with authorities and blockchain investigation firms to track and hopefully recover at least some of the funds. In the past, such problems have taken days or weeks to resolve.

DeFi Dilemma

Bridges are controlled by self-executing smart contracts, which can be very dumb — and easily exploitable — if not properly written and carefully audited on an ongoing basis.

Bridge fees are generally far lower and the process far simpler than going to an exchange, selling ether or BNB tokens and then buying ONE tokens — which aren’t available on all exchanges — to make the transaction. The funds stolen are those deposited by users and they aren’t insured.

The Harmony blockchain is designed to provide far faster transaction times — 2-second finality. It uses a type of eco-friendly proof-of-stake (PoS) consensus mechanism called Effective PoS. While the various PoS mechanisms use almost no energy and are far faster and more scalable than Bitcoin and Ethereum, which drain country-sized amounts of power, there are growing concerns that they are not as secure.

See more: Can Proof-of-Stake Solve Crypto’s ESG Problem?

However, that is separate from the security problems of bridges like Ronin ($620 million in April) and Wormhole ($320 million in February), among others, which were attacked via flaws in their code. They are also generally decentralized finance (DeFi) projects which tend to have one major flaw in common: hasty development.

“The security of DeFi services has not reached a level that is appropriate for the huge sums being stored within them,” Tom Robinson, co-founder of blockchain analysis firm Elliptic, said after the Wormhole hack. “The transparency of the blockchain is allowing attackers to identify and exploit major bugs.”

See more: Hackers Hit Wormhole DeFi Project, Take $320M

It’s a problem that has quickly grown to the point where the use of bridges as a solution for cross-chain payments has been put in jeopardy. And seeing as the multi-chain future of a blockchain-based, the crypto-powered financial ecosystem requires them to achieve any real-world usability, the crypto business needs to find other solutions.

Read more: PYMNTS Crypto Crime Series: With $1B Hacked, Cross-Chain Crypto Payments May Be in Jeopardy

Different Directions

One possibility is Polkadot, an “Ethereum-killer” project that calls itself a “blockchain of blockchains” that wraps 100 “parachains” — fully functioning, separate blockchains — around a central hub that creates an ecosystem allowing cross-chain payments. However, those chains still need bridges to reach other major blockchains, most notably Ethereum.

See also: The Most Ambitious of the ‘Ethereum Killers,’ Polkadot’s Launch Could Begin the Reinvention of DeFi

In addition, the top stablecoins, Tether’s USDT and Circle’s USDC, have created native versions on a growing number of blockchains that make it easy to use them for cross-chain payments.

USDC has native tokens on Algorand, Avalanche, Ethereum, Flow, Hedera, Solana, Stellar, Tron and Polygon. USDT is supported on Omni Layer, Ethereum, Tron, EOS, Liquid, Algorand, Solana, Bitcoin Cash (SLP), Kusama, Polygon and Avalanche.

But another potential solution is a separate blockchain designed specifically for cross-chain token swaps — such as THORChain, which in a happy coincidence saw its Mainnet go live today, exiting beta on six major blockchains after four years of development. These are Bitcoin (BTC), Ethereum (ETH), Binance Smart Chain (BNB), as well as three top currency-replacement chains: Bitcoin Cash (BCH), Dogecoin (DOGE), and Litecoin (LTC).

And, of course, THORChain itself went live. Its native token is RUNE

Two more blockchains, Avalanche and Cosmos, are expected soon, developers said, with others to follow. Its next order of business is to integrate decentralized exchanges, or DEXs, and exchange aggregators.

While it is controlled by a decentralized autonomous organization or DAO, like all DeFi projects, THORChain is different in that its node operators must approve any upgrades or changes to the protocol’s code or rules — and extra layer of security that most DeFi projects lack.

Whether it will prove the solution remains to be seen, but given bridges’ track record, it can hardly be worse.

 

Sign up here for daily updates on all of PYMNTS’ Crypto coverage.

——————————

NEW PYMNTS DATA: THE TAILORED SHOPPING EXPERIENCE STUDY – MAY 2022

About: PYMNTS’ survey of 2,094 consumers for The Tailored Shopping Experience report, a collaboration with Elastic Path, shows where merchants are getting it right and where they need to up their game to deliver a customized shopping experience.