September 9, 2021
You’ll often hear people talk about ‘blockchain’ or ‘the blockchain’ as if it’s some kind of monolithic entity. But there are actually hundreds of different blockchains operating at the moment, each acting as the consensus network of its own cryptocurrency. Nor is there any upper limit to how many could be created.
Given the fact that they are all blockchains, you might ask if they are inter-compatible. A reasonable question with a simple answer: no.
The Bitcoin blockchain doesn’t know what’s going on with the Ethereum blockchain, and vice versa, because neither receives input from the other network. And if you were to try and send BTC to an ETH address, that BTC would disappear into limbo, never to return.
Why does this matter?
The lack of interoperability is a major hurdle that must be overcome to achieve mass adoption.
To understand why, just imagine what would happen if all the world’s banks suddenly stopped accepting payments from anyone apart from their own customers. Incredibly inconvenient to say the least, I’m sure you’ll agree. And imagine if blockchain networks were used for things like criminal records, academic records, and healthcare: not being able to access the records of a different network would become actively harmful, even dangerous.
How can it be fixed?
There are two ways that this could be solved. One would be if one blockchain were to be used for everything, which is unlikely to happen. The other way is with a technology called ‘bridges’. Bridges are specialist software applications that allow tokens to transfer between blockchains.
How do bridges work?
To explain it in simple terms: a cross-chain transaction has a source and target blockchain. In order for an asset to transfer from one to the other, it must be disabled on the former (by being burned or locked), and an equivalent minted on the latter. These equivalent tokens are known as ‘wrapped’ tokens. In other words, the token doesn’t really pass between the two networks, but the two agree by consensus to synchronize their books.
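As an added illustration (not part of the original article), the Python sketch below models the lock, mint and burn bookkeeping just described as a single toy ledger. The class and method names are hypothetical, and both chains are collapsed into one object so that the invariant (every wrapped token is backed by a locked original) can be checked directly.

```python
class BridgeError(Exception):
    """Raised when an operation would desynchronize the two ledgers."""

class LockMintBridge:
    def __init__(self):
        self.locked = 0      # source chain: units held in custody
        self.pending = {}    # lock id -> amount locked but not yet minted
        self.wrapped = {}    # target chain: wrapped-token balances
        self._next_id = 0

    def lock(self, amount):
        """Source chain: disable the asset and record a lock event."""
        if amount <= 0:
            raise BridgeError("amount must be positive")
        self._next_id += 1
        self.locked += amount
        self.pending[self._next_id] = amount
        return self._next_id

    def mint(self, lock_id, recipient):
        """Target chain: mint the wrapped equivalent, once per lock event."""
        if lock_id not in self.pending:
            raise BridgeError("unknown or already-minted lock")
        amount = self.pending.pop(lock_id)
        self.wrapped[recipient] = self.wrapped.get(recipient, 0) + amount
        return amount

    def burn(self, holder, amount):
        """Target chain: destroy wrapped tokens and release the originals."""
        if amount <= 0 or self.wrapped.get(holder, 0) < amount:
            raise BridgeError("insufficient wrapped balance")
        self.wrapped[holder] -= amount
        self.locked -= amount
        return amount

    def books_balanced(self):
        backed = sum(self.wrapped.values()) + sum(self.pending.values())
        return backed == self.locked

def demo():
    bridge = LockMintBridge()
    lock_id = bridge.lock(5)
    bridge.mint(lock_id, "alice")
    try:
        bridge.mint(lock_id, "mallory")   # replay of the same lock event
        replay_rejected = False
    except BridgeError:
        replay_rejected = True
    bridge.burn("alice", 2)
    return (replay_rejected, bridge.locked,
            bridge.wrapped.get("alice"), bridge.books_balanced())
```

In a real bridge the two ledgers live on separate chains, so the hard part is proving to the target chain that the lock event really happened; that proof is what the federated and trustless designs handle differently.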
It’s estimated that 1 percent of all circulating bitcoins – at a total value of around 6 billion USD at the time of writing – is held as wrapped equivalents (WBTC) on the Ethereum blockchain. Why? Because the Bitcoin blockchain doesn’t have the capabilities of Ethereum. Using WBTC allows users to get the best of both worlds – in particular, the benefits of yield farms and other DeFi protocols that provide interest payments to participants.
Another important point to understand is that bridges, like other types of cryptocurrency-related services, can be centralized or decentralized. In the case of bridges, these terms are ‘federated’ and ‘trustless’, respectively. With a federated bridge, requests from the source to the target blockchain have to go through nodes designated for the task; as with all centralized mechanisms, this presents a security risk. In contrast, trustless bridges work through wider consensus mechanisms that are less susceptible to corruption. Cross-chain transactions are verified by users who are incentivized to do so with a reward system, in a similar way to proof-of-work mining.
That’s not to say that trustless bridges can’t bring issues – a badly-written smart contract, for example, can lead to a lot of problems.
That brings us to the hack of the Poly Network in August 2021, which saw more than $600 million of cryptocurrency stolen from three of the world’s biggest blockchains. This made it, officially, the biggest crypto hack in history, surpassing even the $500 million stolen from Coincheck in 2018.
How did it happen?
The Poly Network, developed on the NEO blockchain, acts as a three-way bridge between the NEO, Ethereum, and Binance Smart Chain blockchains.
It works with a smart contract called ‘EthCrossChainManager’. A user that wants to transfer from one chain to another submits their signed transaction to EthCrossChainManager, which checks its validity and executes the same transaction on the target chain.
The original validation of the transaction is carried out by designated ‘keepers’, which are users delegated this task.
The weakness that the hacker discovered was twofold: one, that EthCrossChainManager only checks if a block was signed by a keeper (rather than checking if the block itself is valid), and two, that EthCrossChainManager has the power to change who the keepers are.
The hacker simply replaced the real keepers with their own. Once that was done, they were able to use the smart contract to make fake transactions on all three target blockchains, and thus extract a huge amount of free money.
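The two weaknesses combine as follows in a simplified Python model, added here as an illustration and not taken from Poly Network's code. All class, method and keeper names are hypothetical, and the dispatch-by-name mechanism is an assumption of the model; the hardened variant checks what a keeper-signed message asks for instead of only who signed it.

```python
class KeeperStore:
    """Holds the keeper set; only its owner (the manager) may change it."""
    def __init__(self, keepers):
        self.keepers = set(keepers)
        self.owner = None

    def set_keepers(self, caller, new_keepers):
        if caller is not self.owner:
            raise PermissionError("only the owner may change keepers")
        self.keepers = set(new_keepers)

class Vault:
    def __init__(self):
        self.paid = []   # ordinary bridge target: records released funds
    def release(self, caller, recipient, amount):
        self.paid.append((recipient, amount))

class CrossChainManager:
    def __init__(self, store, targets, allowed=None):
        self.store, self.targets = store, targets
        self.allowed = allowed   # None = dispatch to any target (weak)
        store.owner = self       # the manager can change the keepers

    def execute(self, message, signed_by):
        # Stand-in for signature verification: was this relayed by a keeper?
        if signed_by not in self.store.keepers:
            raise PermissionError("not signed by a keeper")
        name, method = message["target"], message["method"]
        # Hardened path: validate what the message asks for, not just who signed.
        if self.allowed is not None and (name, method) not in self.allowed:
            raise PermissionError("target not allowed for cross-chain calls")
        return getattr(self.targets[name], method)(self, *message["args"])

def build(hardened):
    store, vault = KeeperStore({"k1", "k2", "k3"}), Vault()
    targets = {"store": store, "vault": vault}
    allowed = {("vault", "release")} if hardened else None
    return CrossChainManager(store, targets, allowed), store

# Constructed message: keeper-signed, but it asks the manager to rewrite keepers.
ROGUE = {"target": "store", "method": "set_keepers", "args": [{"x1"}]}

def keepers_after(hardened):
    manager, store = build(hardened)
    try:
        manager.execute(ROGUE, signed_by="k1")
    except PermissionError:
        pass
    return store.keepers
```

With the allowlist in place, keeper changes can no longer arrive through the cross-chain message path and would need a separate, explicitly authorized route.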
What can we learn from this?
There was a happy ending to the saga – although the money couldn’t be forcefully retrieved, the community was able to blacklist the hacker’s wallets. As a result, the hacker returned all of the money. Why risk getting caught over money they couldn’t use?
So that’s at least one positive that we can take from this hack. Even in the absence of a central regulatory body, the power of the community was enough to solve the problem.
Another interesting point was raised by Shixing Mao, CEO of F2Pool. He pointed out that the hack will accelerate bridge development, and even went so far as to call it “historic”. He makes a good point; it can be argued that trials by fire like the Poly Network hack are a necessary evil, teaching blockchain developers about flaws and loopholes in their applications that they missed while writing them.
Bitcoin is a simple idea, and this simplicity gives it strength. Conversely, blockchain bridges are necessarily complex, and as such prone to errors in their construction. Yet, the global adoption of cryptocurrency won’t be possible without them.