Bridges are big news these days. The bombing of the Kerch Strait Bridge disrupted Russia's supply route to southern Ukraine. Web3's largest crypto exchange just took a $570 million hit on one. Attempts to patch up both are now underway, but the damage to reputation and credibility cannot be undone in either case.

It's time not just to sound the alarm on the security risks posed by cross-chain bridges, but to bypass them altogether. The good news is that there are viable "bridgeless" alternatives out there. By having smart contracts holding keys on multiple blockchains, these solutions offer the benefits of bridges without the risks.

With Binance the latest victim of a lengthening list of breaches, it is clear that hackers are testing bridges to their limits and all too often exposing them as unfit for purpose. But there are other ways to preserve the vast benefits offered by blockchain interoperability — ways that do not include bridges at all.

Bridges Were the Workaround We Need to Replace

When they were first introduced, bridges were welcomed enthusiastically as a workaround for blockchains' inability to communicate natively with one another. After all, they made possible the increasingly desirable cross-chain transfer of assets and information.

But as the ecosystem has evolved, bridges' limits have been exposed for all to see. The Binance raid, which targeted the BSC Token Hub bridge, is just the latest glaring example. While hackers could extract only $100 million of the $570 million worth of tokens they had compromised, this exploit illustrates why bridges are inherently points of vulnerability that will continue to attract bad actors.

"We own this," the team behind the BNB Chain said, as it announced a thorough postmortem of the Binance attack. The official announcement went on to explain that the haul of two million BNB was lifted via "a sophisticated forging of the low-level proof into one common library."

But this take is not shared by everyone in the industry. A tweet from samczsun, head of security at crypto research firm Paradigm, noted scathingly that the attacker had "somehow convinced the Binance Bridge to simply send them 1,000,000 BNB. Twice."

However subtle and sophisticated the hacks, the reason behind them is simple to grasp: DeFi platforms make tempting targets. Bridges are blockchain's weak link.

So it is no surprise that, even before Binance, bridge exploits accounted for $1.6 billion of the $2 billion stolen from DeFI protocols so far this year. This tally, including $624 million lost on the Ronin Bridge and $375 million from Wormhole, speaks to the scale of the problem and stands as convincing evidence that the riskiest part of a transaction is the infrastructure of the bridge itself — the central point where the funds are stored.

Bridge infrastructure is inherently complex, both to use and to maintain. This complexity underlies many of its disadvantages:

  • Painstaking, regular code auditing is required to eliminate bugs that could be exploited. But this is expensive and time-consuming to sustain, so errors go unnoticed.
  • Bridges can be costly to use. Ren BTC, for example, charges a .3% fee on transfers. Users also can be liable for a network fee and Ethereum gas or transaction fees.
  • Exchanges on bridges are often slow, sometimes taking hours. For users, this means anxious waits while funds are in transit and potentially vulnerable to exploits.
  • Bridges do not fully align with Web3's decentralized ethos. The need for a central entity at the point of transfer raises the likelihood of social engineering attempts, among other types of exploit.
  • Some still live on Web2 servers, interfacing with the blockchain but still vulnerable to the full range of hacks targeting any web service.

Bridgeless Options Benefit the Ecosystem

The hacking spree of 2022 has demonstrated that we need better options: ones that facilitate the interoperability we need for a fully functioning Web3 without the drawbacks of bridges.

Such options are now materializing. The Internet Computer, for example, is a general-purpose blockchain enabling Web3 apps and services to run entirely on-chain. As such, it offers a convincing alternative for many use cases, particularly since it is able to interact with Bitcoin directly, with no need for bridges or wrapped tokens. Native integrations such as this are likely to encourage holders to participate fully in DeFi, benefiting the entire ecosystem. And this is just one of many potential advantages offered by a transition to bridgeless services:

  • Greater reliability without the inconsistency and expense of fluctuating gas fees.
  • Stronger security with no vulnerable crossing point. Platforms will be able to build and defend their own security systems. Assets on ICP, for example, are protected by chain key cryptography and users retain their own keys throughout.
  • Increased transparency as bridge blind spots disappear. This will avoid the issue of losses going under the radar, as was the case with those incurred by crypto natives and newcomers alike during the crash. Due in part to over-collateralization and lending approved without a viable prospect of return on investment, these went largely unnoticed because they were undertaken in a centralized way.
  • Completely decentralized lending and borrowing options that are possible when we have fast, trustless code implementation and fewer vulnerabilities.
  • More beneficial relationships between blockchains. In a bridgeless world, there would be fewer adversarial relationships between blockchains fighting over total value locked (TVL) in their respective protocols, like when Avalanche launched with a token incentive to bridge assets over from Ethereum, sucking hundreds of millions of dollars of TVL from Ethereum.

Bridges have become blockchain's Achilles' heel, incentivizing criminality and ultimately dividing the ecosystem as much as they unite it. We need to build new platforms where tokens don't disappear into the distance, but instead, stay visible and traceable on the same block explorer.

If Web3 is to reach mass adoption, decentralized finance must become safer and simpler to use. We can no longer afford to waste time mending bridges when smarter bypass routes will get us to that destination sooner.

(Olliver Barr and Carl Sachs are co-founders of Finterest, a decentralized borrow/lending protocol.)

blockchain
Blockchain is a shared, immutable ledger that records transactions and stores information. Pixabay