Multisigs mean funds in bridges are 'one small slipup' from being hacked
The recent exploit on Harmony’s Horizon Bridge revealed the inherent flaws with multisig admin keys that leave projects and their users “one small slipup” from deep trouble.
Two crypto project leads expressed concern that the expansion of the multichain ecosystem could be hampered by the use of multisig contracts, given the dangers they pose to bridges tasked with keeping crypto funds safe.
Multisig refers to the requirement that multiple individuals approve a transaction. The multichain ecosystem is the conglomeration of hundreds of blockchains with varying consensus algorithms that often interact through token bridges.
Derek Yoo, founder of the Moonbeam blockchain, told Cointelegraph that he advocates for new approaches to security that aim to take the element of human error out of the equation. Yoo said the multichain ecosystem is seeing increased usage due to the “desire to move assets to different chains” but that it needs much better security measures.
“There are inherent weaknesses in the multisig approach that expose you to hacking risk. It takes one small slipup and you’re in deep trouble.”
Moving assets between chains usually requires token bridges, such as the Horizon Bridge, which was exploited on June 23 for about $100 million in crypto assets. Horizon was compromised when two of the signer keys for its multisig contract were discovered by an attacker.
Yoo pointed out that the multisig approach may be the standard for the industry at present, but it is far from a gold standard. In his estimation, there are much more secure designs that could be implemented to bridge tokens, such as using a separate proof-of-stake (PoS) network for transfers. He feels that while developers have to make compromises to get to chains with a lot of activity:
“Communication between chains at the blockchain level is the bleeding edge and is the most secure type of bridging.”
Evan Shapiro, CEO of the Mina Foundation, which developed the Mina blockchain, shares Yoo’s distrust of the multisig approach given the more advanced measures available to the industry now. He feels that the biggest problem facing the multichain ecosystem is its over-reliance on trust. He told Cointelegraph on June 30:
“The obvious problem is based on third-party custodians serving as trusted intermediaries for bridges.”
In his view, the ideal would be for blockchains to be verified by each other, but he acknowledges that this is infeasible and inefficient. An alternative is to utilize zero-knowledge proofs that compress and verify the massive amount of data stored on blockchains.
Shapiro distilled the dilemma presented by token bridges down to who or what entity users are placing their trust in when bridging tokens. He said that it doesn’t matter whether the bridge is first-party, as is the case with the Horizon Bridge, or third-party. “This is not about the development of the code,” he said.
“It speaks to the risks of custodial bridges. If you have a custodial bridge, a fixed number of people can compromise it.”