The Future of Cross-chain:What Went Wrong and How We Can Move Forward

Crypto needs interoperability. We need it to reduce UX complexity, enhance scaling efforts, and create a more globalized blockchain ecosystem where better data availability and composability fuel the evolution of the decentralized web.

With so much to be gained, the number of bridges that have been built is little surprise. But many of these have attracted the negative spotlight lately, and with good reason. So, here are a few thoughts on security and the future of cross-chain.

Cross-chain bridges: security incidents

In total, Chainalysis estimates that over $2 billion in digital assets have been stolen from bridges in 2022 alone. Looking at the top five or even the top ten biggest hacks in web3, we see numerous bridges on the list.

Many of the worst incidents, like Ronin, Harmony, Poly, and others, followed a multisig security model. When analyzed, a common root cause for these hacks was identified — the compromise of one or more keys of the multisig.

Therefore, it’s not unreasonable to conclude that multisig bridges are centralized, bad, and insecure. And to make web3 better, we must abandon this model and focus on making bridges trustless.

Trustless bridges

It’s often said that trustless bridges are the future, and this is, to some extent, true. But the devil is in the details. The truth is that we haven’t reached the bottom of the issue(s) or found all the “enemies” yet. Trustless bridges (e.g., light client-based) are a great model, but they come with some drawbacks that we need to consider.

For example, they are not as extensible as externally verified bridges — bridges based on an honest majority assumption, where m of n participant(s) control the validation scheme. This type of bridge can be easily extended to any EVM chain, but that is not the case for light client-based ones.

Additionally, the (trustless) Nomad bridge was compromised not long ago, losing $190m worth of assets in the process. This was due to a newly introduced smart contract bug. Although the Nomad incident featured many whitehats returning money, it proved that even trustless bridges are not immune to compromise.

What do all these hacks have in common?

The synthetic asset (“synths”) model.

All the above bridges locked a large number of assets on one side of the bridge and minted a synthetic on the other side. These assets are not “native” to an ecosystem and are more of an IOU in the sense that the synthetic is backed by the locked value on the originating chain.

What’s the problem with that model?

Continue reading on https://blog.buildwithsygma.com/future-of-cross-chain/