In March 2022, the developers of the Ronin bridge announced a hack in which $612 million was taken in just two fraudulent transactions. It was a blow that struck at the very foundations of crypto’s potential: If transactions between blockchains can’t be effectively secured, the industry will remain fragmented.
The development of new blockchain bridges has taken off in recent years, and it’s essential for devs to take heed of the lessons from the Ronin hack. Below, 10 members of Cointelegraph Innovation Circle discuss strategies devs can leverage to increase the security of bridge protocols—it’s a challenge that may take more than careful coding.
Ensure the design is flawless
Devs must ensure their design is flawless and that their bridge protocol is implemented precisely following the design. Additionally, they should ensure admin keys and relayer keys are private. Last but not least, they should schedule proper security audits and checks before deployment and upgrades. – Yaoqi Jia, AltLayer
Conduct internal and external source code audits
Ensuring the security of bridge protocols will call for extra scrutiny from developers. They must actively conduct source code auditing both internally and externally (with trustworthy sources). They must make it a habit to find loopholes and follow a set procedure to locate areas that can be exploited by hackers. – Vinita Rathi, Systango
Look for even the most minor errors
Before deploying their bridges, developers should perform rigorous source code audits internally and with unbiased, neutral external parties. Audits must be complete and thorough to minimize potential weaknesses. Even a minor error in a smart contract, such as one bad line of code, can be exploited by hackers. Eventually, the most secure could serve as templates and standards for new developers. – Sheraz Ahmed, STORM Partners
Avoid building too quickly or being solely focused on profit
Audits are necessary, and design is key. Developers should focus on creating systems that are truly decentralized. We should avoid building too quickly or being purely focused on profit or speed rather than solid foundations. Developer transparency is a must. – Zain Jaffer, Zain Ventures
Build authentically decentralized bridges
Being inauthentic isn’t going to help anyone! Many centralized cross-chain bridges tend to market themselves as decentralized, which ultimately leads to hacks, as in the Ronin bridge case. Hence, the need of the hour is authentic, decentralized cross-chain bridges built by experts who do not prioritize profits before decentralization and security. – Dev Sharma, Blockwiz
Think in terms of islands, not bridges
We haven’t even gotten past the one-off bugs yet — where bridges are being hacked due to faulty code — to the game theory behind re-orgs, which are the next pain points in bridges. View them as islands with roads in between; islands are more stable than bridges going over water. There is no way to secure a bridge and make it as stable as landing on an island. – Jagdeep Sidhu, Syscoin Foundation
Increase awareness of various risks
Most points of failure when it comes to bridge hacks occur when people fall for scams, phishing attacks and similar malicious activities. Technical solutions can only do so much, and social engineering will always be a thing as long as there are gullible people in the world. Developers can help increase the security of bridge protocols by increasing awareness about different risks. – Tim Haldorsson, Lunar Strategy
Adopt zero-knowledge proofs
The fundamental win for bridging protocols is the use of zero-knowledge proofs or other self-sovereign concepts. This will allow bridges to have many contracts with much smaller holdings, eliminating the huge honeypots that bridges have become. – Arie Trouw, XYO
Increase the number of signatures required for an event
Developers need to prioritize greater decentralization and trust requirements rather than quick protocol launches or faster transaction speeds if they want to ensure maximum security for bridge protocols. By increasing the number of signatures required for an event to occur within their validator setups, developers can achieve greater decentralization and, consequently, improve bridge security. – Anthony Georgiades, Pastel Network
Invest in audits and monitor smart contract addresses
Bridge technology is fragile and needs a paradigm shift; there are currently no foolproof measures. However, investing adequately in code audits and monitoring smart contract addresses can mitigate some risks. – Nitin Kumar, zblocks
This article was published through Cointelegraph Innovation Circle, a vetted organization of senior executives and experts in the blockchain technology industry who are building the future through the power of connections, collaboration and thought leadership. Opinions expressed do not necessarily reflect those of Cointelegraph.