Is there a secure future for cross-chain bridges?

The plane touches down and comes to a halt. Heading to passport control, one of the passengers stops at a vending machine to buy a bottle of soda — but the device is absolutely indifferent to all of their credit cards, cash, coins and everything else. All of that is part of a foreign economy as far as the machine is concerned, and as such, they can’t buy even a droplet of Coke.

In the real world, the machine would have been quite happy with a Mastercard or a Visa. And the cash exchange desk at the airport would have been just as happy to come to the rescue (with a hefty markup, of course). In the blockchain world, though, the above scenario hits the spot with some commentators, as long as we swap traveling abroad for moving assets from one chain to another.

While blockchains as decentralized ledgers are pretty good at tracking transfers of value, each layer-1 network is an entity in itself, unaware of any non-intrinsic events. Since such chains are, by extension, separate entities vis-à-vis one another, they aren’t inherently interoperable. This means you cannot use your Bitcoin (BTC) to access a decentralized finance (DeFi) protocol from the Ethereum ecosystem unless the two blockchains can communicate.

Powering this communication is a so-called bridge — a protocol enabling users to transfer their tokens from one network to another. Bridges can be centralized — i.e., operated by a single entity, like the Binance Bridge — or built to varying degrees of decentralization. Either way, their core task is to enable the user to move their assets between different chains, which means more utility and, thus, value.

As handy as the concept sounds, it is not the most popular one with many in the community right now. On one hand, Vitalik Buterin recently voiced skepticism about the concept, warning that cross-chain bridges can enable cross-chain 51% attacks. On the other hand, spoofing-based cyberattacks on cross-chain bridges exploiting their smart contract code vulnerabilities, as was the case with Wormhole and Qubit, prompted critics to ponder whether cross-chain bridges can be anything other than a security liability in purely technological terms. So, is it time to give up on the idea of an internet of blockchains held together by bridges? Not necessarily.

A steep learning curve to master

There is a bigger point to be made here: Don’t blame a concept for a flawed implementation. Hackers always follow the money, and the more people use cross-chain bridges, the bigger is their incentive to attack such protocols. The same logic applies to anything that holds value and is connected to the internet. Banks get hacked, too, and yet, we’re in no rush to shutter all of them because they are a crucial piece of the larger economy. In the decentralized space, cross-chain bridges have a major role, too, so it would make sense to hold back our fury.

Blockchain is still a relatively new technology, and the community around it, as vast and bright as it is, is only figuring out the best security practices. This is even more true for cross-chain bridges, which work to connect protocols with different underlying rules. Right now, they are a nascent solution opening the door to move value and data across networks that make up something bigger than the sum of its components. There is a learning curve, and it’s worth mastering.

While Buterin’s argument, for its part, goes beyond implementation, it’s still not without caveats. Yes, a malicious actor in control of 51% of a small blockchain’s hash rate or staked tokens could try to steal Ether (ETH) locked on the bridge on the other end. The attack’s volume would hardly go beyond the blockchain’s market capitalization, as that’s the maximum hypothetical limit on how much the attacker can deposit into the bridge. Smaller chains have smaller market caps, so the resulting damage to Ethereum would be minimal, and the return on investment for the attacker would be questionable.

While most of today’s cross-chain bridges are not without their flaws, it is too early to dismiss their underlying concept. Besides regular tokens, such bridges can also move other assets, from nonfungible tokens to zero-knowledge identification proofs, making them immensely valuable for the entire blockchain ecosystem. A technology that adds value to every project by bringing it to more audiences should not be seen in purely zero-sum terms, and its promise of connectivity is worth taking risks.

This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Lior Lamesh is the co-founder and CEO of GK8, a blockchain cybersecurity company that offers a custodial solution for financial institutions. Having honed his cyber skills in Israel’s elite cyber team reporting directly to the Prime Minister’s Office, Lior led the company from its inception to a successful acquisition for $115 million in November 2021. In 2022, Forbes put Lior and his business partner Shahar Shamai on its 30 Under 30 list.