I was already writing another article, but a large amount of funds was stolen from a cross-chain bridge called Wormhole that I used frequently on Solana. The stolen funds amounted to 120,000 wETH, worth 330 million US dollars, making it the second largest hack in the DeFi world.
Because of this incident, I decided to temporarily change the topic and discuss the fundamental relationship between cross-chain, multi-chain, and Layer 2, as well as their future development trends.
Let's briefly review this second largest hack in the DeFi world: Wormhole is a protocol that allows users to bridge assets across blockchains. It locked up a total value of over 1 billion US dollars and supports six blockchains: Terra, Solana, Ethereum, Binance Smart Chain, Avalanche, and Polygon.
The hacker used their own transactions to cross-chain 120,000 ETH (native) to Solana through Wormhole. Wormhole did not properly verify all input accounts, allowing the attacker to deceive the guardians' signatures and minted 120,000 ETH (wETH) on Solana at a 1:1 ratio. The attacker then cross-chained 93,750 ETH (wETH) back to Ethereum.
In short, the hacker used their Ethereum to bypass the Wormhole protocol and stole 120,000 ETH (wETH), successfully transferring 93,750 ETH.
In this hack, the potential impact of Wormhole is greater than the apparent impact. wETH is a cross-chain asset and not the native ETH. The native ETH is in the protocol wallet, and bypassing the protocol to mint wETH is equivalent to creating an additional 120,000 wETH. This means that the minting ratio of wETH to ETH is no longer 1:1 for other normal wETH. This imbalance may cause the value of other non-stolen wETH to also decline.
Currently, Wormhole has announced that the vulnerability has been fixed and the protocol has resumed operation. However, there has been no clear response regarding the stolen funds, which is still pending further updates.
The Wormhole incident (involving 330 million US dollars) combined with the Polynetwork incident (involving 610 million US dollars) makes it the two largest hacks in the DeFi world, with a total value close to 1 billion US dollars. These incidents are also significant in the history of global hacking. Interestingly, both of these events occurred on cross-chain protocols. So where exactly are the problems with cross-chain protocols?
First, let's clarify the concepts of cross-chain and multi-chain. The essential difference between cross-chain and multi-chain lies in security.
In the concept of blockchain, there is a 51% attack, which can be understood as when you have 51% of the current blockchain's computing power/control, you can roll back certain transactions, successfully launching an attack on the blockchain. Because of this, two schools of thought have emerged. One tries to ensure that the entire blockchain is 100% immune to 51% attacks, while the other tries to ensure that even if a 51% attack occurs, it does not affect the security of assets. The emergence of different schools of thought has led to the birth and rise of different public chains.
Before the rise of multiple public chains, there was not much discussion on this topic. However, with the rise of multiple public chains in recent years, driven by the DeFi wave, the need for cross-chain (cross-chain) has emerged, which means that user assets need to be bridged from Ethereum to other public chains.
Now, let's go through a thought exercise, which is also an example to explain the security of cross-chain and multi-chain.
Imagine that you hold 100 ETH on the Ethereum public chain. But now Ethereum is under a 51% attack, causing some transactions to be rolled back. However, on Ethereum, no matter what happens, you still have your 100 ETH. Even a 51% attacker cannot propose a proposal to take away your ETH, let alone be executed by Ethereum. Because such a proposal would violate Ethereum's protocol rules, it would be rejected by the network.
The same applies even if an attack occurs during the execution of a transaction. For example, you still hold 100 ETH on Ethereum, but you sell it on Uniswap for 270,000 DAI. If the blockchain is attacked in some way during the transaction, you still have a very clear outcome: either you keep the original 100 ETH or you receive the 270,000 DAI after the transaction. If neither of these outcomes is obtained, it would violate the protocol rules and would not be accepted by the Ethereum blockchain.
In short, even if Ethereum is attacked, your assets remain secure.
Now, imagine this scenario: you move 100 ETH to Solana through a cross-chain bridge and receive 100 wETH. But at this time, Ethereum is under attack, and the attacker deposits a bunch of ETH into Solana, confirms the transaction on Solana, and then rolls back the transaction on Ethereum. As a result, the attacker obtains a large amount of wETH on Solana without actually paying ETH. This will cause the cross-chain assets to lose their anchoring to the native assets, and your 100 wETH may be worth only 60 ETH or even lower.
Although the actual theft cases of the two major cross-chain bridges were not caused by 51% attacks, the economic results are the same. This is just the case of a cross-chain bridge between two public chains. If cross-chain assets involve more public chains, once they are stolen, it will simultaneously affect all public chains.
Therefore, holding native assets is safer than holding cross-chain assets. The future of public chains will be a multi-chain trend.
Multi-chain is different from cross-chain. Multi-chain does not require third-party cross-chain bridges or protocols, and there is no collateralized issuance of cross-chain assets. It refers to the seamless transfer of native assets under the same communication protocol. Recently, Cosmos has gained popularity due to the advantages of its IBC communication protocol. After Cosmos becomes compatible with EVM in the near future, it will generate even more significant reactions, but I won't go into detail here.
In conclusion, the essential difference between cross-chain and multi-chain lies in their security. Multi-chain ensures consistent states, so even if a rollback occurs, the states will be consistent. However, cross-chain is constrained by the different states of different blockchains and cannot achieve synchronous consistency. Once an attack occurs, the balance of cross-chain assets will be broken.
The future of public chains and DeFi applications will undoubtedly be multi-chain, with asset security being paramount.
Remember, at no time am I providing investment advice, nor do I recommend investing in cryptocurrencies. Sometimes, messages may not be displayed in the background, so you can add me on personal WeChat for communication. But please indicate the purpose.
If you find my articles useful, you can buy me a cup of coffee as a token of appreciation. Feel free to like and share.
Wiseman's Notes - Liu Ye Jing Hong
Personal WeChat: liuyejinghong_
Reply "web3" in the official account backstage to receive free web3 learning resources.
Reply "industry report" in the official account backstage to receive the 2022 industry report for free.
Recommended previous content:
"21. Discussing DeFi Liquidation Logic, with a Focus on DeFi's Large-Scale Liquidation Line"
"20. The Inevitable Losses in the Current Chain Game Production Relations, Analyzing the Reasons Why Chain Games Become More Lossy as They Are Played"
"19. DAO is Only a Method, Not a Result. Organizations Without These Two Core Elements Cannot Be Called DAO"
"18. The False Prosperity of the NFT Market, but the Form of NFT Still Has a Promising Future"