Disclosure: The views and opinions expressed herein belong solely to the authors and do not represent the views and opinions of crypto.news editorials.
Last November, DEX aggregator KyberSwap was hacked to the tune of $47 million, destroying its protocol and costing liquidity providers money. In a bizarre twist, the mysterious hacker made an unprecedented demand: the stolen funds would be released only if the entire management team resigned and made him CEO. Naturally, this request was denied, and the hacker began bridging the stolen funds to Ethereum using the Synapse protocol.
KyberSwap narrowly survived the incident, but was forced to cut half its workforce in the process as its total value locked fell by 68%. Like all DeFi hacks, this one is disappointing, but it also has a silver lining.
According to Chainalysis data, the value lost to DeFi hacks decreased by 64 percent in 2023 compared to the beginning of crypto winter, and the median loss per hack decreased by 7.5 percent. Of course, this is a positive development and a testament to the overall progress of the DeFi space and advances in security. Bridges (blockchain protocols that facilitate cross-chain interoperability) have contributed to expanding DeFi capabilities by unlocking isolated “islands” of liquidity and allowing assets to flow more freely.
Bridges foster innovation by allowing developers to explore new ways to leverage cross-chain capabilities. This can be seen through the development of new financial products, increased scalability, enhanced privacy features, easier collaborative measures, and flexible risk management.
Despite a decline in security breaches and a proliferation of bridge-based defi innovations, blockchain interoperability remains quite limited. Rather than promoting universal interoperability, each cross-chain protocol or bridge represents a link between two blockchain networks. In other words, true interoperability requires a complex web of numerous protocols that link all blockchains together.
This presents unique security challenges. Despite the decline in hacking, the defi space is still occupied by hackers looking for potential flaws in protocols and vulnerabilities in smart contracts. Since most bridges rely on smart contracts, we expect hackers to continue to test them, including centralized exchanges, layer 2 chains, and a set of oracles hosted by third-party servers.
Since most bridges interact with external systems and are exposed to hacking and manipulation, it is nearly impossible to completely eliminate inherent security challenges, especially for unregulated bridges. Users who transfer assets between disparate blockchain networks via trusted or trustless bridges must consider serious security concerns.
Generally, trusted bridges like Binance Bridge offer simplicity and compliance at the expense of centralization through third-party entities. Trustless bridges, on the other hand, prioritize decentralization, security, and permissionless access, but rely on smart contracts, which provide hackers with a clear attack vector.
However, both types of bridges can be and have been exploited. Moreover, most bridges generally lack KYC and AML protocols, which makes them a hacker's best friend when stolen funds need to be laundered. Because bridges are the closest and most accessible mechanism to remove barriers between separate blockchains, DeFi developers and users should proceed with caution when using cross-chain protocols.
The choice between trustless and trusted bridges depends on the specific use cases, requirements, and tradeoffs that developers and users prefer or are willing to accept. The average Web3 user looking to transfer funds from one wallet to another might choose a trusted bridge for its simplicity, speed, and low gas fees. However, dApp developers may prefer trustless bridges to maintain full control of their assets within a decentralized environment.
Security elements are often taken for granted when trying to bridge assets. While both trustless and trusted bridges can be run with varying degrees of compliance and risk mitigation, or forgo them entirely, there are certainly advantages to using a bridge with a robust layer of compliance.
To better understand the possible implications of these security risks, let's return to the KyberSwap hack.
Analyzing on-chain data, it is clear that had a compliance layer been deployed on the Synapse protocol, hackers would never have been able to funnel assets into Ethereum-based wallets and get away with it. A risk mitigation platform with an end-to-end compliance module can be applied to any dApp or protocol to deny potentially questionable transactions, such as the movement of millions of dollars in stolen funds.
Risk mitigation is no longer a “bonus feature” that projects can put aside. Compliance will become increasingly important as regulators consider more comprehensive legislation, especially as traditional financial institutions continue to court the idea of offering DeFi services to their customers.
It is important to note that adding a layer of compliance to decentralized protocols is not an argument against censorship or the core ethos of cryptocurrencies of economic freedom and disintermediation. Rather, it is solely intended to protect user assets from takeover by criminals, terrorist sponsors, and other malicious actors.
As the cryptocurrency world strives for wider adoption, the need for compliance mechanisms is more important than ever. Defi attack vectors are constantly evolving, and hacking and theft will continue to threaten the integrity of the entire industry and undermine the goal of mainstream adoption.
While bridges do not enable universal interoperability across the vast blockchain ecosystem, proper compliance can reduce risk for users and developers and protect defi progress. Therefore, developers would be wise to take bridge compliance standards into account when engaging in cross-chain transactions.