A Bridge Too Far: Does the Wormhole Hack Mean the Multi-Blockchain Dream Is Dead?

Bridges and other connections between blockchains present inherent security challenges. Whether those can be solved will determine the future of the entire ecosystem.

By David Z. MorrisLayer 2
AccessTimeIconFeb 4, 2022 at 6:21 p.m. UTCUpdated Feb 4, 2022 at 7:17 p.m. UTC
By David Z. MorrisLayer 2
AccessTimeIconFeb 4, 2022 at 6:21 p.m. UTCUpdated Feb 4, 2022 at 7:17 p.m. UTC

David Z. Morris is CoinDesk's Chief Insights Columnist. He holds Bitcoin, Ethereum, and small amounts of other crypto assets.

This week’s $326 million hack of the Wormhole blockchain tool may feel bizarrely routine. It’s a massive theft by any sane standard – if it had been an old-fashioned bank robbery, it would have been the second largest of all time. But in crypto, it’s only the fourth-largest hack in a single brief decade. Some argue these recurring hacks are part of a learning process on the way to better security, though at this point it’s starting to feel more like an inevitable risk, just the cost of doing crypto business.

This article is excerpted from The Node, CoinDesk's daily roundup of the most pivotal stories in blockchain and crypto news. You can subscribe to get the full newsletter here.

But the Wormhole hack has much more specific implications for how the crypto-financial system will evolve. Wormhole is what’s known as a “bridge,” essentially a way to move control of digital assets from one blockchain to another. Moving assets between chains is a uniquely complex and strange task, even for the crypto world. Ethereum co-founder Vitalik Buterin presciently warned in early January of the “fundamental security limits of bridges.” Hart Lambur, co-founder of the oracle protocol UMA, warned on a Jan. 13 “Bankless” podcast episode that a poorly designed bridge “exposes users to a lot of risk that they don’t know they’re taking.”

At least on its face, the Wormhole attack certainly seems to support these grim assessments, with massive implications for investors and developers. That’s because the potential for secure inter-chain transfers will determine one of the most fundamental questions about the future of crypto: Will every blockchain be an isolated, independent ecosystem, or will they be able to talk to each other securely?

(There are entirely different concerns about Wormhole tied to the news that Jump Trading will simply refill the stolen ETH and make Wormhole users whole. That raises questions of moral hazard similar to those in fiat bailouts, but we’ll save those for another day.)

The utility of inter-blockchain communication is clear. Wormhole, for instance, allows “wrapped ETH,” a synthetic asset intended to be collateralized by actual ETH, to be traded on the Solana blockchain. That opens up a lot of interesting arbitrage opportunities for traders, as well as healthier diversification in things like liquidity pools.

More fundamentally, inter-blockchain communication is key to addressing scaling challenges. Ethereum, notoriously, has been experiencing extremely high fees in recent years because of congestion on the layer 1, or base, chain, which can be relieved by layer 2 companion systems built on top of it, but also by offloading some demand to independent chains. For instance, it’s not unreasonable to argue that more non-fungible tokens (NFT) can and should be minted on purpose-built blockchains.

But all of this starts to fall apart if separate chains can’t be made securely interoperable. In a world without trusted interchain communications, each layer 1 blockchain (Bitcoin, Ethereum, Avalanche, Tron, etc.) would have to rely entirely on capital, applications and users native to it. All things being equal, that would probably be a huge edge for Ethereum, simply because it has had such a head start in the smart contracts world. It would also be rather pessimistic for blockchain tech as a whole because it would make each blockchain more of a Web 2-style “walled garden,” reducing synergies and user choice.

The challenge of building secure bridges is a matter of visibility and trust. Very broadly, things like “wrapped ETH” on Solana can only be trusted if the bridge can truly assure that ETH collateral really exists on the Ethereum blockchain. But that introduces an inherently large number of opportunities for falsification because Solana (in this case) simply doesn’t have full access to the data and verifications that make native ETH trustworthy.

A compelling illustration of this challenge was offered this week by the YouTube channel Thinklair, which compared interchain bridges to a medieval goldsmith using a promissory note from London to collect a gold payment in Paris. Just like those once-distant cities, communicating between blockchains involves a lot more uncertainty and, in some cases, a lot more trust of specific actors than transacting on a single blockchain and its “local” ecosystem. The Wormhole attacker was apparently able to spoof a signature on a promissory note, much as a traveling medieval con man might have.

The good news is that even if bridges like Wormhole turn out to be inherently risky, there are other approaches to representing assets across chains. Cosmos and Polkadot in particular are major projects from reputable teams building inter-blockchain connections that may be more secure than bridges like Wormhole. Cosmos’ system includes a standard called Inter-Blockchain Communication protocol, or IBC. Polkadot focuses instead on connecting “parachains” to its coordinating “relay chain.”

The computer-science nuances of those systems are beyond the scope of this column. But serious blockchain investors should spend some time trying to get a grip on the various inter-chain systems. Which ones succeed and which ones fail will have major implications for the entire industry.

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

David Z. Morris is CoinDesk's Chief Insights Columnist. He holds Bitcoin, Ethereum, and small amounts of other crypto assets.

David Z. Morris is CoinDesk's Chief Insights Columnist. He holds Bitcoin, Ethereum, and small amounts of other crypto assets.