The Wormhole hack, at about $320M, could be categorised as a counterfeiting operation and a bank robbery at the same time. This makes it both the most successful counterfeiting operation in history and the second-largest bank robbery ever. A brilliant forensic reverse engineering job of the hack published on Twitter by @samczsun highlights both the technical complexities of L1 Bridges (systems that can transport value between different Layer 1 blockchains) and the current lack of technical and financial security standards. The kind of code exploit used is not confined to L1 bridges, by the way, but could occur as well in DeFi protocols that employ similar authentication methods. The kicker is that the bug fix for the hack was available on a public code repository for two weeks prior to the hack. This may well have been what alerted the hacker to the exploit. Good vulnerability response processes keep issues under wraps until the vulnerability is fixed, and only then make them public.
However, with billions locked up in L1 bridges, and increased demand, the question is: are L1 bridges creating the crypto equivalent of the mortgage-backed securities crisis of 2008?
The short answer is yes! The bridge industry is simply not yet sophisticated enough to deal with that much value and, therefore, that much risk. This is like a lower league team suddenly competing in the UEFA Champions League without the right players and resources, also known as a pre-programmed disaster! Vitalik Buterin gave great and simple reasons in a recent Reddit thread about the systemic risks of L1 bridges.
As L1 bridges are quickly locking more value, the risk is increasing rapidly and becoming systemic. Here is a simple example: I take out an overcollateralized loan on, say, an Aave loan pool using bridged tokens such as WSOL or WADA or WBTC as collateral. What if the WADA is actually W-WADA coming from Solana, and WBTC is W-WBTC coming from Cardano? That means the lender must not only trust the security of the original Cardano, Solana, Ethereum, and Bitcoin Layer 1 networks. The lender must also trust the security of five different bridge operator networks with significantly fewer validators than the L1 networks and, in some cases, complex, unaudited code. In addition, the lender must trust that the funds were not illegally minted on some bridge, which would make the loan actually undercollateralized.
This is akin to the mortgage-backed securities crisis, where everybody ASSUMED the prices would continue to go up, everybody ASSUMED loans were not given to financially unsophisticated people, everybody ASSUMED default rates would not increase significantly, despite low teaser rates on NINJA loans resetting after a year or two. And we know what happened then.
The writing is on the wall in the crypto community as well … unless L1 bridge networks grow up, listen to the adults in the room, and follow interoperability specifications and security guidelines as published by standards bodies such as the Enterprise Ethereum Alliance Interop Working Group, which always welcomes new contributors to improve cross-chain security.
Until then … Bridger beware!