Multisigs mean funds in bridges are ‘one small slipup’ from being hacked


A recent exploit of Harmony’s Horizon Bridge has exposed inherent flaws in multi-signature management that leave projects and their users “one little slip” away from deep trouble.

Two crypto-project leaders have expressed concern that the expanding multi-chain ecosystem could be hampered by the use of multisig contracts, due to the risks they pose to the bridges that keep crypto funds secure.

Multisig refers to the requirement that multiple individuals agree to a transaction. A multi-chain ecosystem is an assembly of hundreds of blockchains with varying consensus algorithms that often interact through token bridges.

Moonbeam blockchain founder Derek Yoo told Cointelegraph that he advocates new approaches to security aimed at taking the element of human error out of the equation. Yoo said that the multi-chain ecosystem is seeing an increase in usage due to “a desire to move assets to different chains,” but it needs much better security measures:

“There are inherent weaknesses in the multisig approach that expose you to hacking risks. It takes a small slip and you are in big trouble.”

Moving assets between chains usually requires token bridges, such as the Horizon Bridge, which was exploited on June 23 for about $100 million in crypto assets. Horizon was hacked when two of the signing keys for its multisig contract were discovered by an attacker.

Yoo noted that the multisig approach may be the industry standard at the moment, but it’s far from the gold standard. In his estimation, there are more secure designs that can be implemented to transfer tokens, such as using a separate Proof of Stake (PoS) network for transfers. He feels that, while developers have to make compromises to get onto chains with high activity:

“Inter-chain communication at the blockchain level is the bleeding edge and the most secure type of bridge.”

Mina Foundation CEO Evan Shapiro, who developed the Mina blockchain, shares Yoo’s distrust of the multisig approach given the more advanced measures currently available to the industry. He feels that the biggest problem facing the multi-chain ecosystem is an over-reliance on trust. He told Cointelegraph on Thursday:

“The obvious problem is that third-party custodians act as trusted bridge brokers.”

In his opinion, the ideal would be for blockchains to verify each other, but he admits that this is not possible and inefficient. The alternative is to use zero-knowledge proofs that compress and verify the massive amount of data stored on the blockchain.


Shapiro distilled the dilemma presented by token bridges down to which person or entity users trust when bridging tokens. He said it does not matter whether the bridge is first-party, as is the case with the Horizon Bridge, or third-party. “It’s not about code development,” he said:

He talks about the dangers of guard bridges. If you have a sponsorship bridge, a fixed number of people can bargain over it.”
