Top of mind at Shipyard The latest news in crypto is the Nomad bridge hack. It’s especially bad, not just because of the funds lost but because of the existential question it raises for bridging, and a multichain world.   Prior to Nomad, nearly all of the bridges that have been hacked used a trusted security model, where funds were essentially secured by a multisig, and users rely on the reputation of the bridge operator to ensure the security of funds. For example, Ronin required 5 out of 9 total validators to approve deposits and withdrawals (and Sky Mavis controlled 4 of the validators at the time). A hacker was able to take control over 5 of the validator wallets and withdraw funds from the bridge contract. Similarly, the Harmony bridge was secured by a 2 of 5 multisig and a hacker was able to take control of 2 of the addresses to drain the bridge. While regrettable, ‘trustless’ bridge models were already in development, and the future of bridging felt bright. Nomad was a shining example of a trustless model.   Nomad’s exploit, however, shows that even trustless bridges are susceptible to exploits. This is depressing because we don’t have an alternative model to give us hope. Any bridge as they are currently architected is going to create (a) an enormous honeypot on one side and (b) systematic risk for the entire ecosystem that is reliant on the bridge. We need a new paradigm for bridge design.   Believe it or not, we might be able to draw lessons from TradFi. Bridging between chains feels an awful lot like exchanging sovereign currencies between countries. In TradFi, the correspondent banking system and FX market handles day-to-day ‘bridging’, while periodically banks and countries settle up with each other through their respective central banks. Back when the world was on the gold-standard, countries would periodically settle up by moving gold back and forth. Perhaps this is how bridging should work in the multichain world. Day to day bridging could be done via a marketplace of private actors with capital on both chains. Periodically, big chunks of net value could be shifted from one chain to another in a very unwieldy but very secure process, perhaps built into the security model of the chains themselves. Perhaps the dream of a trustless & secure bridge for day-to-day amounts of money is simply unnecessary.

Top of mind at Shipyard The latest news in crypto is the Nomad bridge hack. It’s especially bad, not just because of the funds lost but because of the existential question it raises for bridging, and a multichain world.   Prior to Nomad, nearly all of the bridges that have been hacked used a trusted security model, where funds were essentially secured by a multisig, and users rely on the reputation of the bridge operator to ensure the security of funds. For example, Ronin required 5 out of 9 total validators to approve deposits and withdrawals (and Sky Mavis controlled 4 of the validators at the time). A hacker was able to take control over 5 of the validator wallets and withdraw funds from the bridge contract. Similarly, the Harmony bridge was secured by a 2 of 5 multisig and a hacker was able to take control of 2 of the addresses to drain the bridge. While regrettable, ‘trustless’ bridge models were already in development, and the future of bridging felt bright. Nomad was a shining example of a trustless model.   Nomad’s exploit, however, shows that even trustless bridges are susceptible to exploits. This is depressing because we don’t have an alternative model to give us hope. Any bridge as they are currently architected is going to create (a) an enormous honeypot on one side and (b) systematic risk for the entire ecosystem that is reliant on the bridge. We need a new paradigm for bridge design.   Believe it or not, we might be able to draw lessons from TradFi. Bridging between chains feels an awful lot like exchanging sovereign currencies between countries. In TradFi, the correspondent banking system and FX market handles day-to-day ‘bridging’, while periodically banks and countries settle up with each other through their respective central banks. Back when the world was on the gold-standard, countries would periodically settle up by moving gold back and forth. Perhaps this is how bridging should work in the multichain world. Day to day bridging could be done via a marketplace of private actors with capital on both chains. Periodically, big chunks of net value could be shifted from one chain to another in a very unwieldy but very secure process, perhaps built into the security model of the chains themselves. Perhaps the dream of a trustless & secure bridge for day-to-day amounts of money is simply unnecessary.