Multisigs mean funds in bridges are ‘one small slipup’ from being hacked

Published at: July 1, 2022

The recent exploit on Harmony’s Horizon Bridge revealed the inherent flaws with multisignature admin keys that leave projects and their users “one small slipup” from deep trouble.

Two crypto project leads expressed concern that the expansion of the multichain ecosystem could be hampered by the use of multisig contracts, given the dangers they pose to bridges that are supposed to keep crypto funds safe.

Multisig refers to the requirement of multiple individuals to approve a transaction. The multichain ecosystem is the conglomeration of hundreds of blockchains with varying consensus algorithms that often interact through token bridges.

Derek Yoo, founder of the Moonbeam blockchain, told Cointelegraph that he advocates for new approaches to security that aim to take the element of human error out of the equation. Yoo said the multichain ecosystem is seeing a rise in usage due to the “desire to move assets to different chains,” but that it needs much better security measures:

“There are inherent weaknesses in the multisig approach that expose you to hacking risk. It takes one small slipup and you’re in deep trouble.”

Moving assets between chains usually requires token bridges, like the Horizon Bridge, which was exploited on June 23 for about $100 million in crypto assets. Horizon was compromised when two of the signee keys for its multisig contract were discovered by an attacker.

Yoo pointed out that the multisig approach may be the standard for the industry at present, but it is far from the gold standard. In his estimation, there are much more secure designs that could be implemented to bridge tokens, such as using a separate proof-of-stake (PoS) network for transfers. He feels that developers have to make compromises to get to chains with a lot of activity, but added:

“Communication between chains at the blockchain level is the bleeding edge and is the most secure type of bridging.”

Evan Shapiro, CEO of the Mina Foundation, which developed the Mina blockchain, shares Yoo’s distrust of the multisig approach given the more advanced measures available to the industry now. He feels that the biggest problem facing the multichain ecosystem is its over-reliance on trust. He told Cointelegraph on Thursday:

“The obvious problem is based on third-party custodians serving as trusted intermediaries for bridges.”

In his view, the ideal would be for blockchains to be verified by each other, but he acknowledges that this is infeasible and inefficient. An alternative is to utilize zero-knowledge proofs that compress and verify the massive amount of data stored on blockchains.

Shapiro distilled the dilemma presented by token bridges down to who or what entity users are placing their trust in when bridging tokens. He said that it doesn’t matter whether the bridge is first-party, as is the case with the Horizon Bridge, or third-party. “This is not about the development of the code,” he said:

“It speaks to the risks of custodial bridges. If you have a custodial bridge, a fixed number of people can compromise it.”