Why Are Cross-Chain Bridges So Vulnerable To Hackers, And How Can We Fix Them?

Bridges had a rough year in 2022, with over $1.89 billion in user funds stolen through vulnerabilities in the code and other means. This is a big problem, and it becomes even more serious with the realization that state-funded North Korean hackers are considered the most active perpetrators of these incidents. According to The Block and Chainalysis, the so-called Lazarus Group was able to steal about 1 billion dollars in user funds by hacking bridges and other DeFi protocols in the past year.

It is fair to say that bridge vulnerabilities have become one of the biggest security concerns for the wider crypto ecosystem, and especially for DeFi. So this is an issue that needs to be addressed urgently.

What are cross-chain bridges?

The blockchain industry is uniquely open and decentralized and has grown to encompass hundreds of different networks. There are over 100 independent blockchains today, and they don’t have an easy way to communicate with each other. Because of this, someone on the Ethereum blockchain cannot interact with someone else using Bitcoin. As such, BTC, by far the most valuable crypto asset, cannot easily be used with most DeFi protocols. Communication between blockchains is therefore obviously desirable, as it would open up more liquidity to ecosystems, enable new use cases, and spur crypto adoption.

The desire for interoperability between blockchains has led to the creation of cross-chain bridges, which are designed to let networks work with one another. For example, the Wormhole bridge allows users to move cryptocurrencies and non-fungible tokens (NFTs) between various smart contract chains such as Ethereum, Polygon and Solana.

Why are they vulnerable?

Unfortunately, most bridges between networks have proven to be extremely unreliable and therefore risky for users. They have become one of the biggest targets for hackers and are constantly being probed for vulnerabilities. All too often, vulnerabilities are discovered, resulting in millions of dollars' worth of user funds being lost forever.

The designs of bridges vary, but in general they all use a similar mechanism: the user locks assets on one chain (such as BTC on Bitcoin) in a smart contract. Once this is done, the bridge creates a “wrapped” version of that asset on the target blockchain (e.g. wBTC on Ethereum). The user can then use wBTC with any Ethereum-based application and can return the wrapped asset at any time to unlock the original BTC. Thus, the value of wBTC is always pegged to the value of BTC.

Bridges are an innovative solution that enables interoperability between networks, but these locked tokens also become tempting targets for hackers, whether protected by a smart contract, a multisig wallet, or a third-party custodian.
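
The lock-and-mint mechanism described above, and the 1:1 backing that the locked funds are supposed to guarantee, can be modelled directly. The following Python model is an added example, not code from any bridge named in this article; the class, method names and lock ids are hypothetical, and the fault in demo() is constructed to show what a backing monitor reports when collateral is missing.

```python
# Added example: toy in-memory model of a lock-and-mint bridge.
# All names are hypothetical; no real bridge or chain API is used.

class BridgeError(Exception):
    """Raised when an operation would break the bridge's accounting."""


class LockAndMintBridge:
    def __init__(self):
        self.vault = 0           # native asset locked on the source chain
        self.wrapped = {}        # holder -> wrapped balance on the target chain
        self.minted_for = set()  # lock ids that already produced a mint

    def wrapped_supply(self):
        return sum(self.wrapped.values())

    def lock_and_mint(self, lock_id, holder, amount):
        """Lock `amount` on the source chain, then mint the same amount wrapped."""
        if amount <= 0:
            raise BridgeError("amount must be positive")
        if lock_id in self.minted_for:
            raise BridgeError("lock already used for a mint")
        self.minted_for.add(lock_id)
        self.vault += amount
        self.wrapped[holder] = self.wrapped.get(holder, 0) + amount

    def burn_and_unlock(self, holder, amount):
        """Burn wrapped tokens first; only then release the native asset."""
        if amount <= 0 or self.wrapped.get(holder, 0) < amount:
            raise BridgeError("insufficient wrapped balance")
        self.wrapped[holder] -= amount
        self.vault -= amount
        return amount

    def backing_shortfall(self):
        """Wrapped supply not covered by locked collateral (0 means pegged 1:1)."""
        return max(0, self.wrapped_supply() - self.vault)


def demo():
    bridge = LockAndMintBridge()
    bridge.lock_and_mint("lock-1", "alice", 5)
    bridge.burn_and_unlock("alice", 2)
    healthy = bridge.backing_shortfall()  # round trip keeps the peg
    bridge.vault -= 3                     # constructed fault: collateral leaves the vault
    return healthy, bridge.backing_shortfall()
```

A shortfall above zero means wrapped tokens are in circulation that can no longer be redeemed for the original asset, which is the condition a bridge operator's monitoring should alert on.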

Can anyone fix them?

Bridge security is one of the most pressing unsolved problems in the crypto industry, but the good news is that progress is being made.

One of the most promising initiatives to emerge this year is Pantos, a project started by the co-CEOs of Bitpanda, one of the largest fintech platforms in Europe. Pantos, which launched in public beta in February, is developing a new kind of multi-chain token technology that will allow the transfer of digital assets between protocols in a completely decentralized and trustless way.

Unlike bridges, Pantos is building a true multi-chain token system that will allow assets to exist on multiple blockchains and be freely transferred between them. Key to this is the new Pantos token standard for multi-chain assets, PANDAS, which stands for Pantos Digital Asset Standard.

Pantos is the culmination of years of research involving Bitpanda and academics at TU Wien and TU Hamburg. Together with the researchers, it formed a dedicated research group in the Christian Doppler Lab for Blockchain and IoT Technology, which has been focusing on networking since 2018.

Pantos implements the newest technologies to enable interaction between blockchains. It allows native assets of all supported chains to be wrapped and used with Pantos, with each asset backed 1:1 by a native token locked inside a smart contract. The PANDAS-20 token standard is compatible with multiple blockchains (Ethereum, BNB Chain, Avalanche, Polygon, Cronos, Fantom, and Celo are supported at launch) and allows developers to deploy assets on any of them without maintenance. In the future, it will also allow digital creators with no coding skills to deploy their own multi-chain tokens.

While the design of Pantos is extremely innovative, the most encouraging aspect is the level of attention given to its safety. While no project can claim to be truly unhackable, Pantos has dedicated years of effort in partnership with some of the industry’s leading academics and scientists, testing every aspect of its multi-chain token ecosystem to minimize the potential attack surface. These efforts are led by professors Stephen Schulte of the Technical University of Hamburg and Matthew Maffei of TU Wien, the latter of whom made a number of security improvements to Bitcoin’s Lightning Network. Together with a team of other researchers, they went through the entire Pantos codebase to identify and fix any vulnerabilities and exploits.

With enhanced security, Pantos positions itself as a layer 0 network for all major blockchains. It will become more than just a bridge, providing the robust underlying infrastructure for interacting with Web3 that the industry sorely needs.

