Insecure

An exploration of the current state of blockchain security

natalie 💫
Published in Coinmonks, Mar 6, 2022

Why is security important?

In many ways, blockchain networks are like virtual vaults that hold billions, or even trillions, of dollars in cyberspace. The most obvious example of this is the Bitcoin Blockchain, which is currently securing about $815B worth of value, making it more valuable than all but the 5 richest companies on Earth today (Apple, Microsoft, Google, Amazon & Tesla). However, even beyond that, in a world where payment channels and digital networks (such as those owned by the aforementioned companies) are almost exclusively privately owned and operated, blockchains represent rare examples of truly valuable publicly owned and operated digital networks.

Now, unlike non-digital currencies such as US dollars, Bitcoins and other crypto-assets cannot be withdrawn from their network and stored under a mattress or in a physical bank or vault. You can of course store your private keys offline using some form of cold storage, but there is no way to escape the fact that these digital assets are ultimately secured by their underlying network. No matter how safe your keys are, if the network itself is compromised, you are at risk.

So what does all this mean?

Most fundamentally, it means that Blockchain as an industry and technology platform will struggle to achieve mainstream adoption unless it can be proved that these networks are more secure than incumbents and alternatives. It means that if the average person, company, or government cannot trust that their digital assets will not be stolen, cloned or otherwise compromised… much of crypto’s grand vision falls apart. The great paradox of this “trust-minimizing” technology is that there is actually a significant trust-based barrier to entry for most people, especially when we take into account how little is actually understood about the technical functionality of a blockchain network.

We should still remember that while we want blockchains to be at least as secure as traditional networks, the bar should actually be quite a bit higher. Even in today’s world of siloed, walled-garden internet companies and privately owned digital networks, security is still a huge issue. You will be hard-pressed to identify a valuable entity that has not been hacked or breached in some fashion, whether it’s Facebook, Alibaba, Microsoft, or the United States government. The Age of Information has (fortunately or unfortunately depending on who you ask) turned out to also be the Age of Cyber-Warfare and the Death of Privacy. This is why it is imperative that those of us who wish to see this industry grow and thrive for many years to come do what we can to strengthen both the reality and the perception of blockchain security. So much is riding on this.

How are we measuring and defining security?

There are a couple of different ways to think about security risks in the blockchain space. Let’s take a closer look at a few of them:

Centralization Risk

Centralization is not often perceived as a security issue, as many people in the blockchain industry reference the trilemma framework (centralization, security & scalability), which conceives of security and centralization as separate issues. What this mental model misses is that many of the risks associated with centralization are fundamentally about the security of property, rights & freedoms. For example, much of the problem with having a large centralized government is the risk that these benefits can be unilaterally seized or constrained without any form of due process or accountability (e.g. the US Government making it illegal for American citizens to hold gold in 1934). An example of this that is more native to the blockchain ecosystem is the problem of centralized nodes & validators. Many critics and skeptics of Bitcoin have (correctly) pointed out that a majority of the mining power being owned and operated by a small group of colluding entities could pose a serious threat to the security of the Bitcoin Blockchain.

The other serious problem with centralization is this idea of a single-point-of-failure. The idea here is less about corrupt centralized actors and more about decreasing the cost of external attacks, thus incentivizing them. To illustrate how this might work in practice, let’s consider an example: The U.S. Economy. If we had to identify a single-point-of-failure within the U.S. Economy, we might pick the Banking Industry, or more specifically, a handful of legacy financial institutions that are widely considered to be “too big to fail.” An adversary hoping to attack the economy might look here, knowing that despite how complex and multifaceted the economy is, compromising a centrally important node could bring the entire network to its knees.

Smart Contract Bugs & Errors

Most people would probably agree that the emergence of smart contracts is one of the most incredible and innovative use cases for blockchain networks; however, most can also probably agree that they represent a new and unique vector for attack. In the first two months of 2022 alone, we have already seen the second largest DeFi hack ever, in which 120k wETH (valued at ~$375M) was stolen from Wormhole, a cross-chain bridge protocol that connects many of the most popular chains in the ecosystem. As the dust settled in the aftermath and incident reports were published, it became clear that this was in fact due to a smart contract exploit.

Now, we won’t get into the technical weeds of the various kinds of smart contract hacks and how exactly they happen, but what is important to understand is that bugs and vulnerabilities in these contracts can be exploited without the underlying blockchain protocol being compromised. It’s also important to understand that this is probably the most prevalent issue in the industry today, as virtually anyone can deploy any kind of smart contract to any blockchain network, no matter how buggy or poorly written the code is. Many projects have set up large Bug Bounties, which essentially offer compensation (sometimes millions of dollars) to developers who can identify and flag potential vulnerabilities to the core team, in hopes of incentivizing people to use their hacking talents for good causes.

Corrupt Nodes & Validators

Some might argue this issue should fall into the category of Centralization Risk, which isn’t necessarily wrong, but I think it’s worth exploring as a separate and unique issue. If you’ve been in the blockchain space for some time, you’ve probably heard the term 51% Attack, which essentially refers to a situation in which one person or one group of people gains control of more than 50% of a blockchain’s hashing power. This allows those individuals to engage in malicious behaviors such as halting new transactions or reversing completed transactions (also known as double spending). The 51% Attack is typically used in reference to Bitcoin and Bitcoin miners, but a similar concept can apply to proof-of-stake chains like Solana or Terra and their network validators. This kind of security risk is arguably the worst and most detrimental out of all the risks discussed here, mainly because it can lead to changes in the underlying blockchain that are likely to cause a severe and abrupt collapse in widespread confidence and investment. One extreme example of this is a scenario where the Bitcoin Blockchain is compromised in a 51% Attack and hackers engage in double-spending, thus completely undermining the belief in Bitcoin as a fundamentally scarce and incorruptible asset.

One of the most common ways to understand the likelihood or feasibility of such an attack is to quantify how much it would cost to control 51% of a network’s hashing power. Part of why many people believe Bitcoin currently represents the pinnacle of blockchain security is because this number is estimated to be in the billions of dollars (ranging between roughly $5B and $15B based on recent price action). There is obviously a very limited number of entities in the world that even have access to billions of dollars of liquid capital, and even fewer who could move that kind of money around or use it to purchase mining hardware without anyone noticing or tracing it. The flip side of those economics, however, is that the Bitcoin Blockchain is currently worth ~ $815B, which means a hacker looking to engage in a 51% Attack would essentially be spending a couple billion dollars to steal a couple hundred billion dollars. Not a bad deal!

The Current Landscape

In digging into the current landscape of blockchain security, it’s worth focusing more exclusively on this problem of Corrupt Nodes & Validators. Despite its importance, this issue is noticeably not as discussed or well-understood as the other two security risks mentioned in this piece, especially outside the context of the Bitcoin ecosystem.

In a recent article about Interchain Security, Cosmos Hub Lead Billy Rennekamp provided a rough framework for estimating and understanding how secure a blockchain is. While proof-of-work blockchains like Bitcoin are vulnerable to the 51% Attack, Tendermint consensus (used in the Cosmos ecosystem) is built so that a variety of attacks require the hacker to acquire more than ⅓ or ⅔ of all staked tokens (based on the kind of attack). Multiplying the number of tokens needed to accumulate ⅔ of the network’s stake by the current price of the token gets you what Rennekamp calls the Cost of Corruption (CoC). He then notes, “…it’s important that the total value locked (TVL) on a chain remains less than the Cost of Corruption, otherwise the chain should be considered insecure.”

I decided to take this rough model and extrapolate it across the ecosystem of proof-of-stake chains just to see if I’d find anything interesting. I looked at the top 8 chains by staked value, and used the ⅔ (more challenging) figure to calculate the cost of corruption for each.

*** Indicates that the chain utilizes Tendermint Consensus. Data is as of 2/28/22.

Solana and BSC are clear stand-outs here, most notably for their relatively high staking ratios and secure cost of corruption relative to total value locked. The fact that over 75% of SOL’s total supply is being used to secure the chain is impressive to say the least, especially when taking into account how robust Solana’s DeFi ecosystem is. With staking rewards sitting below 6%, the potential opportunity costs of staking your SOL versus earning yield elsewhere are definitely non-trivial, and yet many seem to be staking anyway.

Terra and Fantom are also standouts, but not for a good reason. Both of these chains have seen parabolic growth in their DeFi ecosystems at different points over the last year, but they have not seen proportionate growth in their staking ratios (and thus CoC). Of Terra’s $22B TVL, over $11B is held on Anchor protocol, an on-chain money market where users can earn 20% APY on UST stablecoins. The market cap of UST alone grew from under $200M to over $10B over the course of 2021, making it the undisputed leading driver of growth within Terra’s DeFi ecosystem. Fantom, on the other hand, saw its TVL rise from under $2B in October 2021 to over $12B by the end of January 2022 as many of its highly anticipated DeFi apps came online. Using this very rough Cost of Corruption framework, Fantom is by far the most insecure chain out of the 8 mentioned above, with a TVL that is almost 10x the cost of corruption and 2x the entire market cap.

The rest of these chains either have TVLs that are roughly equal to their CoC (Avalanche & Polygon) or simply appear secure primarily due to not having robust DeFi ecosystems (NEAR & Cardano) and thus smaller TVLs.

What does all this mean?

It means that the current state of blockchain security is somewhat precarious and unsustainable. There is a lot of talk about the “extreme” volatility of crypto prices, but less understanding around how the security of these underlying chains can be affected in real time by the price action and selling pressure that inevitably makes its way into crypto markets at certain points. Negative price action followed by unstaking and selling, followed by more negative price action, leads to a downward spiral that is not in the best interest of sustainable security. Beyond that, as stablecoins become more popular and users seek out safe havens in USDC, USDT or UST rather than “cashing out completely,” it may often be the case that market drawdowns bring CoC down more than TVL. To put it simply, the current economic incentives around blockchain security are simply not good enough.
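The TVL-versus-CoC test from the framework above and the drawdown effect described in this section can be put into numbers. The following is an added Python example, not code from the original article or from Rennekamp's piece. The `Chain` fields, the sample figures, and the drawdown model (stablecoin TVL keeps its dollar value while the rest of TVL moves with the token price) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Chain:
    # All figures in the sample below are constructed, not the article's data.
    staked_tokens: float  # tokens currently staked
    price_usd: float      # spot price of the staking token
    tvl_usd: float        # total value locked on the chain
    stable_share: float   # fraction of TVL held in stablecoins (assumed input)

def cost_of_corruption(chain, fraction=2/3):
    """USD value of `fraction` of the staked tokens at spot price (no slippage)."""
    return fraction * chain.staked_tokens * chain.price_usd

def tvl_to_coc(chain, fraction=2/3):
    """TVL / CoC; a value above 1 means the chain fails the TVL < CoC test."""
    coc = cost_of_corruption(chain, fraction)
    return chain.tvl_usd / coc if coc else float("inf")

def after_drawdown(chain, price_drop, unstaked=0.0):
    """State after the token falls by `price_drop` and `unstaked` of the stake exits.
    Assumption: stablecoin TVL keeps its USD value, the rest tracks the token."""
    stable = chain.tvl_usd * chain.stable_share
    tvl = stable + (chain.tvl_usd - stable) * (1 - price_drop)
    return Chain(chain.staked_tokens * (1 - unstaked),
                 chain.price_usd * (1 - price_drop),
                 tvl, stable / tvl if tvl else 0.0)

def break_even_drop(chain, unstaked=0.0, fraction=2/3):
    """Smallest price drop at which TVL reaches CoC; None if it never does."""
    if tvl_to_coc(after_drawdown(chain, 0.0, unstaked), fraction) >= 1:
        return 0.0
    stable = chain.tvl_usd * chain.stable_share
    if stable == 0:
        return None  # TVL and CoC shrink together, so the ratio never moves
    headroom = (cost_of_corruption(chain, fraction) * (1 - unstaked)
                - (chain.tvl_usd - stable))
    return 1 - stable / headroom

# Constructed chain: 300M tokens staked at $50, $8B TVL, half of it stablecoins.
SAMPLE = Chain(staked_tokens=300e6, price_usd=50.0, tvl_usd=8e9, stable_share=0.5)

if __name__ == "__main__":
    print(f"CoC (2/3): ${cost_of_corruption(SAMPLE) / 1e9:.1f}B")
    print(f"TVL/CoC at 2/3: {tvl_to_coc(SAMPLE):.2f}, at 1/3: {tvl_to_coc(SAMPLE, 1/3):.2f}")
    stressed = after_drawdown(SAMPLE, price_drop=0.5, unstaked=0.1)
    print(f"TVL/CoC after 50% drop and 10% unstaking: {tvl_to_coc(stressed):.2f}")
    print(f"Break-even price drop: {break_even_drop(SAMPLE):.0%}")
```

On the constructed chain, the ⅔ test passes at spot prices while the ⅓ test already fails, and a price drop of about a third is enough to push TVL above the ⅔ CoC even with no unstaking.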

Luckily… the brightest minds in the space are already rolling out some incredibly innovative and exciting alternatives.

Exciting Future Solutions

Liquid Staking

At its core, liquid staking is focused on addressing the incentive issue that arises when crypto users must choose between earning yield from staking rewards or from participating in DeFi. Ideally, most users would stake their coins, but when you can earn 1000% APY from yield farming on a new DEX versus 6% from staking, the latter is simply less attractive to most. What liquid staking allows users to do is leverage their staked assets so they can be used in DeFi while still being used to help secure the chain. Popular services such as Lido provide liquid staking for ETH, LUNA, SOL and KSM — all you have to do is deposit your assets (let’s say LUNA) and you’ll receive a synthetic derivative asset (let’s say bLUNA), which can then be traded and used in DeFi like any other liquid asset — all while still earning staking rewards!

Superfluid Staking

Superfluid staking is a brand new kind of staking solution that is currently exclusively available on Osmosis, the Interchain DEX native to the Cosmos ecosystem. As you may have guessed from its name, this concept takes the idea of liquid staking one step further by allowing users to earn staking rewards on the tokens locked in their LP positions. So for example, if I deposit my assets into an $ATOM/$OSMO liquidity pool on Osmosis, I can actually earn staking rewards on my $OSMO in addition to the rewards I earn from providing liquidity to the DEX. While still very new, this feature represents the beginning of what is possible in the world of security innovations.

Shared Security

Like superfluid staking, the most interesting shared security innovations are largely being developed and utilized within the Cosmos ecosystem at the moment. The main idea here is allowing sovereign blockchains with their own validators to actually share security with each other by way of validators running multiple nodes for different chains. The grand vision, in the case of Cosmos, is for the chains within the ecosystem to be able to share security with each other via their Inter-Blockchain Communication protocol (commonly known as IBC). Not only does this create network effects around security within the ecosystem, but it also lowers the barrier to entry for new chains coming online. Incentivizing (quality) validators to help secure your chain can be extremely difficult and expensive, especially as the market becomes saturated with proof-of-stake chains.

Leased Proof-of-Stake (LPoS)

A lesser known but still exciting solution is Leased Proof-of-Stake (LPoS), which is used by Octopus Network, a substrate for building application-specific blockchains on NEAR Protocol. This model is unique in that it treats blockchain security like a form of capital or collateral, which can be leased. Blockchains looking to utilize Octopus Network for security can simply pay for exactly as much security as they feel they need, which stands in stark contrast to models like Polkadot or other L1s where security leasing is either not an option or is far less flexible and far more expensive. The LPoS model also works especially well for Octopus Network since they are not a chain but rather a set of smart contracts running on NEAR, which means that chains built on top do not need to compete with its staking rewards (it has 0) through unsustainable inflation rates.

Final Thoughts

Ultimately, there is no doubt that there is a significant amount of work to do when it comes to securing blockchain networks across all attack vectors. From buggy code, to centralization, to backwards staking incentives, most of these networks are not yet ready to be the de facto financial rails of the world. That doesn’t at all mean that they’ll never be ready, though. Now that crypto and blockchain have finally broken into the mainstream for good, it is inevitable that more and more brain power and financial resources will be poured into tackling these issues from various angles, with the rollout of Cosmos Interchain Security hopefully being a catalyst and setting a new industry standard. There will be more painful hacks and losses along the way, no question, but the ultimate goal of building truly secure and publicly owned digital networks is well within the horizon.

Sources

https://braiins.com/blog/how-much-would-it-cost-to-51-attack-bitcoin

https://extropy-io.medium.com/solanas-wormhole-hack-post-mortem-analysis-3b68b9e88e13

https://cointelegraph.com/news/wormhole-hack-illustrates-danger-of-defi-cross-chain-bridges

https://defillama.com/

https://www.stakingrewards.com/

https://wallet.keplr.app/#/dashboard

https://station.terra.money/

https://github.com/octopus-network/papers/blob/main/Octopus%20Network%20White%20Paper.pdf

https://medium.com/osmosis-community-updates/osmosis-superfluid-staking-faq-a7b49797cb72
