An internet is only as good as its weakest link, and it is clear that Web3’s weakest link has become the bridge. Chainanalysis estimates that there have been $2 billion in bridge attacks over the last year, with that type of attack now by far the most popular method of stealing cryptocurrencies.
Traditional Web 1.0 and Web 2.0 had their open port scan and “man in the middle” attacks, and Web3 has the bridge, which is one of the only ways for thousands of separate blockchains to communicate with each other and be interoperable. As they are currently constructed, blockchains would be virtually useless, locked into their own silos of utility, without bridges providing an interoperability protocol to allow for cross-ledger interaction.
Though bridges have been a vital component to building up links between blockchains, just as vital as HTTP was to linking web pages across different browsers and computers, bridges are essentially a makeshift, halfway measure to connect the bundled mess of blockchains and protocols that have proliferated in the 14 years since Satoshi’s white paper. It is one more way in which blockchains are tangled in this sort of legacy Tower of Babel that makes it difficult for these technologies to truly usher in a new age of decentralization.
Legacy foundation, legacy problems
Here we have the current fundamental problem of Web3, more of a “Web2.5” that has layers of decentralized internet sitting atop layers of legacy infrastructure that is both centralized and insecure. Web3 is repeating the patterns of development that allowed the internet to become a consumerized and ultimately incomplete advancement of human progress.
It is a system that is difficult for even the most “decentralized” technologies to escape. While exploiting bridges is having a moment as the quick, dirty and popular way to hack blockchains and Web3, there are multiple points of entry where cybercriminals can compromise the ostensibly impenetrable technologies of encrypted blockchains.
So much of blockchain infrastructure itself runs on centralized services, from the point of the internet service providers to cloud services to proprietary software running concurrently on hardware to the hardware itself. Inbound and outbound traffic at some point is bound to pass through one of the handful of technology oligopolies that make the modern internet run.
As proudly touted by Amazon.com Inc. itself on the Amazon Web Services information page, 25% of all Ethereum workloads in the world run on AWS. How about that? The largest company on the planet is proud of its contributions to decentralization.
Not to mention that nearly every computing machine on that same planet is subject to the original sin of flawed design. The Spectre and Meltdown hardware vulnerabilities, disclosed in early 2018, targeted nearly every computer chip manufactured in the last 20 years, whether that chip ended up in a server rack, a personal computer, a smartphone, tablet or, yes, cryptocurrency miners and peer-to-peer “nodes.”
Although Web3 is up to the challenge of replacing brand-name, centralized trust with the great promise of decentralization, it is going to take awhile to decentralize networking, internet service, the cloud and all the current parts of internet infrastructure that have been built up over the last several decades. However, there are more tangible steps we can take to better protect Web3 against the immediate threat of bridge attacks that undermine the fundamental security of the current ecosystem.
Bridges to nowhere
In building up an ecosystem around the simple and tantalizing promise of Satoshi’s white paper and bitcoin, we have perhaps lost sight of what made that promise so attractive in the first place: the promise of unbreakable peer-to-peer transactions and private keys.
Bridges and oracles have been an essential, but ultimately transitional and definitely insecure, means of having these many different blockchains perform and carry utility outside of their native environments. We’ve traded convenience for fundamental value-add, especially as these technologies have allowed for the rampant theft of value from both individuals and the community to the tune of billions of dollars.
For Web3 to succeed, and not just become a pale imitation of the poorly constructed webs that preceded it, we need better interoperability solutions that incorporate the fundamentals of private, secure and decentralized blockchain. That means interoperability solutions that allow for things such as trustless self-validation and wallets that are both open-source and universal. Bridges have become so attractive as a target that they should no longer be accepted by the community.
We may not be able to replace all those centralized pieces of Web 1.0 and Web 2.0 that we still need to make Web3 work, but by building a foundation of interoperability that doesn’t create the weakest link in blockchain, it will be a tremendous first step in shoring up what is clearly the greatest weakness of Web3 right now.
Ken DiCross is co-founder and chief executive officer of the blockchain platform Wire.Network. He wrote this article for SiliconANGLE.