Moving crypto assets across blockchain networks is difficult, but as crypto assets and the blockchain industry mature, the Web3 world will undoubtedly become multi-chain, with various blockchain networks optimized for specific needs and use cases. However, this also increases the risk that asset owners take when transferring assets between networks. In the last year alone, over $1 billion has been stolen from various cryptocurrency bridges, and the other day we witnessed the theft of approximately $200 million from a cross-chain bridge called Nomad.
What makes this event unique is that it did not require deep technical knowledge, which led to a mixed bag of participants: almost anyone who understood how blockchain transactions work could take part in the attack simply by copying and pasting valid transaction data from the original attacker.
At this point, almost every existing cross-chain bridge has been exploited in one way or another. Some survive, while others never really return to their former glory. I'm not a networking expert, I'm just here to recount how cross-chain bridges work, their importance, drawbacks, and to offer my thoughts on their future changes as cryptocurrency assets mature.
How does a cross-chain bridge work?
Literally, as the word itself means, cross-chain bridges "connect" cryptocurrency assets between multiple blockchain networks. This trend arguably started in the early 2020s as multiple L1 ecosystems grew and competition for market share invited people to come to their space and try out what they had to offer.
These cross-chain bridges typically work by wrapping tokens in a smart contract and issuing them on another chain, while ensuring that users' wrapped tokens are always redeemable one-to-one for the native assets. Let's look at a specific example.
Wrapped Bitcoin (WBTC) is one of the most popular cross-chain bridge assets, and its bridge is centralized and custodial by nature. Users deposit BTC from the Bitcoin blockchain and receive WBTC, an ERC-20 token, on the Ethereum blockchain. BitGo is the custodian of WBTC, and we need to perform a KYC process through BitGo to redeem WBTC. In addition, there is a set of partners who hold multi-signature keys for all the BTC that is deposited and minted. In this case, the user can verify the on-chain data to see if it is 1:1 backed.
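To make the one-to-one redemption guarantee concrete, here is a small model of a lock-and-mint bridge with the backing check an outside observer could run against on-chain data. It is an added example, not code from WBTC, BitGo or any real bridge; the class, function names and sample deposits are hypothetical and constructed for illustration.

```python
# Added illustration: toy lock-and-mint bridge. All names are hypothetical.
from dataclasses import dataclass, field


@dataclass
class Bridge:
    locked: int = 0                                   # native units held in custody
    wrapped: dict = field(default_factory=dict)       # wrapped balances on the other chain
    seen_deposits: set = field(default_factory=set)   # deposit ids already minted against

    def supply(self) -> int:
        return sum(self.wrapped.values())

    def deposit(self, deposit_id: str, user: str, amount: int) -> None:
        """Lock native units and mint the same amount of wrapped tokens."""
        if amount <= 0:
            raise ValueError("amount must be positive")
        if deposit_id in self.seen_deposits:
            raise ValueError("deposit already minted")  # one mint per deposit
        self.seen_deposits.add(deposit_id)
        self.locked += amount
        self.wrapped[user] = self.wrapped.get(user, 0) + amount

    def redeem(self, user: str, amount: int) -> None:
        """Burn wrapped tokens and release the same amount of native units."""
        if amount <= 0 or self.wrapped.get(user, 0) < amount:
            raise ValueError("insufficient wrapped balance")
        self.wrapped[user] -= amount
        self.locked -= amount


def backing_report(locked: int, wrapped_supply: int) -> dict:
    """Compare reserves with wrapped supply, as an outside observer would."""
    shortfall = max(0, wrapped_supply - locked)
    return {"fully_backed": shortfall == 0, "shortfall": shortfall}


def demo() -> dict:
    b = Bridge()
    b.deposit("dep-1", "alice", 5)   # constructed sample data
    b.deposit("dep-2", "bob", 3)
    b.redeem("alice", 2)
    healthy = backing_report(b.locked, b.supply())
    # Reserves leaving custody without a matching burn break the 1:1 backing.
    drained = backing_report(b.locked - 4, b.supply())
    return {"healthy": healthy, "drained": drained}
```

Every honest deposit and redemption moves reserves and wrapped supply by the same amount, so any non-zero shortfall in the report means wrapped tokens exist that can no longer be redeemed.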
Classification of cross-chain bridges
In general, cross-chain bridges can be classified as trusted cross-chain bridges and trustless cross-chain bridges.
The former means that cross-chain bridges need to rely on a centralized entity to operate, as shown in the WBTC example above. Users need to trust the security of these centralized custodians to ensure that their bridge assets are sufficiently liquid for users who want to redeem their native tokens. In this case, the risks are rogue behavior of the centralized entity and incompetent security management.
The latter means that cross-chain bridges rely on smart contracts. Users need to trust the security of the underlying blockchain and the smart contracts written on top to enable the cross-chain bridge. In this case, the risk is poorly written code, hackers, or new attack vectors that were previously overlooked.
There are also trustless bridges that incorporate an AMM, essentially creating a more seamless cross-chain exchange experience. This model is generally much more efficient compared to traditional bridging models. However, it is still a trustless model and comes with the inherent smart contract risks mentioned above.
The Bursting of the Bubble
For hackers, cross-chain bridges for cryptocurrencies are like flowers for bees. As the world becomes more multi-chain, and the total market cap of crypto assets (and with it DeFi TVL) increases, attacks on these cross-chain bridges will be increasingly profitable. As of August 2, 2022, there is over $20 billion locked up in multiple bridges.
Would you trust a 20-30 year old founder and a team of fewer than 10 people to defend against a state-level hacker? (Axie-Ronin, Harmony)
School of Thought
Vitalik once argued that the future will be multi-chain, but not cross-chain. He basically argued that a decentralized application living on different chains would create complex interdependencies between multiple chains, whereby a 51% attack on just one chain would have a significant contagion effect, threatening the economy of the entire ecosystem.
Not only is there a security risk, but projects will also need to decide how their token economics treat tokens on different chains. Supply and demand will have to be managed so that the original token economics framework holds and the inflation rate of tokens is not materially affected by cross-chain activity.
The cross-chain bridge bailout
Ironically, the word bailout is probably one of the most negative portrayals in the mainstream media of Wall Street firms that screw up and need some sort of government (or Warren Buffett) assistance. But now, cryptocurrencies are repeating TradFi's mistakes at lightning speed:
Wormhole, $320 million hack - Jump Trading lends a helping hand.
Ronin (Axie), $624 million hack - Binance, Animoca, a16z, Accel, Paradigm, Dialectic involved in aid.
Harmony Bridge, $100 million hack - jacked up the price of ONE tokens to compensate victims (actually the community helped form the project).
Poly Network, $611 million hack - good thing the hackers returned the funds.
Of the four scenarios above, the best outcome was for Poly Network, as the hackers eventually returned almost all of the stolen funds. However, if we have an attack and either need a capital bailout or rely on the goodwill of the hackers, what are we doing here?
Wouldn't we be better off "bridging" assets through a CEX or trusted cross-chain bridge?
These entities would be more regulated and have auditable reserves, founders who can be indicted, and (hopefully) better services.
Of course, you could argue that CEX and trusted cross-chain bridges can block your access to their services at any time, especially if they are under pressure from many regulators. While this is 100% true, trustless cross-chain bridges could be forced to do similar things, albeit on a much smaller scale, such as blocking IP addresses or flagging transactions from blacklisted wallets. At the end of the day, when cryptocurrencies scale to 1 billion users, 99% of the consumers of these dApps won't really care what the cross-chain bridge is doing; they will just want the fastest, safest, most trustworthy way to move their assets.
I think the game will be basically over when USDC/USDT finds a way to do cross-chain exchanges and consolidate fiat exports in G-20 countries.
Some ideas
Our goal is to create a decentralized financial ecosystem, but when a breach occurs, we will likely need to rely on the government to retrieve the funds. If that's the case, then why don't we trust CEX, which has backing? Yes, they may be slower to use the new chain, but if the end result is the same and it is likely to be more secure as CEX is regulated, then doesn't that defeat the original purpose?
I predict that the "real" institutions with trillions of dollars will favor CEX and trusted cross-chain bridges over trustless ones. So while the trustless cross-chain bridge market will still exist, activity will be driven primarily by speculators looking to find their Meme coins on the latest cottage public chain.
What is happening now, coupled with Vitalik's views on the future of multi-chains, may portend a need to rethink the design, philosophy and usage of these cross-chain bridges.
