
DeFi builders need to choose their bridge wisely

Disclosure: The views and opinions expressed herein are solely those of the author and do not represent the views and opinions of the crypto.news editorial.

Last November, DEX aggregator KyberSwap was breached to the tune of $47 million, causing its protocol to fail and its liquidity providers to lose funds. In a strange twist, the mysterious hacker made an unprecedented demand: he would release the stolen funds only if the entire management team resigned and made him CEO. Not surprisingly, this request was rejected, and the hacker began transferring the stolen funds to Ethereum using the Synapse protocol.

KyberSwap barely survived the crash and was forced to cut half its workforce, as its total value locked fell by 68%. Like all DeFi hacks, this is unfortunate, but there is a silver lining.

Compared to the early days of the cryptocurrency winter, value lost in DeFi hacks fell 64% in 2023, with the average loss per hack down 7.5%, according to Chainalysis data. Of course, this is a positive development and a testament to the progress of the DeFi space, both overall and in terms of security. Bridges – blockchain protocols that promote cross-chain interoperability – have contributed to the expansion of DeFi capabilities by unlocking isolated “islands” of liquidity, allowing assets to flow more freely.

The value lost in DeFi hacks | Source: Chainalysis

Bridges also spur innovation by allowing developers to explore new ways to use cross-chain capabilities. We can see this through the creation of new financial products, better scalability, improved privacy features, simpler collaboration measures and flexible risk management.

Despite the decline in security breaches and the surge in bridge-based DeFi innovation, blockchain interoperability is still quite limited. Instead of promoting universal interoperability, each cross-chain protocol or bridge represents a link between two blockchain networks, meaning that true interoperability would require a complex network of numerous protocols connecting every blockchain to every other.

This presents a number of security challenges. Despite the decline in hacks, the DeFi space is still flooded with hackers looking for potential flaws in a protocol or smart contract vulnerability to exploit. Since most bridges depend on smart contracts, you can expect hackers to continue testing them, whether it’s a centralized exchange, a layer 2 chain, or a series of oracles hosted by a third-party server.

The inherent security challenges, especially on unregulated bridges, are nearly impossible to completely eliminate because most bridges interact with external systems, making them susceptible to hacking or manipulation. Users transferring assets between different blockchain networks via a trusted or trustless bridge must weigh serious security concerns.

In general, trusted bridges like Binance Bridge offer simplicity and compliance at the expense of centralization via a third-party entity. Trustless bridges, on the other hand, prioritize decentralization, security, and permissionless access, but their reliance on smart contracts provides hackers with a clear attack vector.

However, both types of bridges can be and have been exploited. Additionally, the general lack of KYC and AML protocols in most bridges makes them hackers’ best friends when they need to launder stolen funds. Since bridges are the closest and most accessible mechanism for removing barriers between isolated blockchains, DeFi developers and users must proceed with caution when using any cross-chain protocol.

The choice between trustless and trusted bridges depends on the specific use case, requirements, and tradeoffs that developers or users prioritize or are willing to accept. An average web3 user who wants to transfer funds from one wallet to another can opt for a trusted bridge due to its simplicity, speed and lower gas fees. However, a dApp developer may prefer a trustless bridge to maintain complete control over their assets within a decentralized environment.

The security factor is often taken for granted when trying to bridge assets. While both trustless and trusted bridges can adhere to different levels of compliance and risk mitigation, or eliminate them altogether, using a bridge that has a robust level of compliance definitely has its merits.

Let’s return to the KyberSwap hack to better understand the possible implications of these security risks.

Analyzing the on-chain data, it is evident that if the Synapse protocol had implemented a compliance layer, the hacker would never have been able to funnel assets into an Ethereum-based wallet and escape. A risk mitigation platform with an end-to-end compliance module can be applied to any dApp or protocol and reject potentially problematic transactions such as moving millions in stolen funds.

Risk mitigation is no longer a “bonus feature” that projects can toss aside. As regulators develop more comprehensive laws, compliance will become increasingly important, especially as traditional financial institutions continue to flirt with providing DeFi services to their clientele.

It is important to note that adding a compliance layer to any decentralized protocol is not about censorship or opposition to cryptocurrency’s core ethos of financial freedom and removing middlemen. Rather, it is solely about protecting user resources from attack by criminals, terrorist supporters, and other bad actors.

As the cryptocurrency world looks towards wider adoption, the need for compliance mechanisms is more vital than ever. With attack vectors in DeFi constantly evolving, hackers and thieves will continue to threaten the integrity of the entire industry and undermine the goal of mainstream adoption.

While bridges do not enable universal interoperability across the vast blockchain ecosystem, proper compliance can reduce risks for users and developers and safeguard the progress of DeFi. Therefore, developers would be wise to take a bridge’s compliance standards into account when making cross-chain transactions.

Guy Vider

Guy Vider is the co-founder and CTO of Kima, a blockchain-based decentralized money transfer protocol. Guy’s background includes more than two and a half decades of development leadership with roles at Yahoo, ADP, BMC, Blue Cross/Blue Shield and Fisker Automotive. Additionally, Guy has co-founded three startups and held consulting positions on deep-tech and web3 projects. In recent years he has honed his expertise in fintech and blockchain. Guy’s past entrepreneurial endeavors include Amodello, the first home design AR app in 2010, and ExPOS, a data analytics tool for the hospitality industry in 2012.
