Vitalik Buterin, the co-founder and chief scientist of Ethereum, has sounded the alarm over the security of cross-chain bridges, warning of their vulnerability in the event of 51% attacks.
Buterin’s comments come as low-cost EVM-compatible Layer 1 networks seek to capitalize on Ethereum’s sky-high gas fees. To prevent liquidity from becoming siloed within one particular network, myriad decentralized and centralized bridges have emerged to enable capital to flow freely between various networks. However, both the security and decentralization of many bridges have been called into question.
And with good reason. While the burgeoning cross-chain ecosystem has allowed users to mitigate the expense of using Ethereum’s mainnet, cross-chain protocols were among those hit hardest by hackers in 2021. THORChain suffered multiple exploits, and Poly Network was hit by the largest DeFi hack on record worth $600M (although the funds were eventually returned). Chainswap and AnySwap were also successfully targeted by hackers.
Buterin emphasized “the fundamental security limits of bridges” as the basis of his skepticism regarding cross-chain applications in a comment posted to Reddit on Jan. 8.
Buterin argues that blockchains can “maintain many of their guarantees even after a 51% attack,” contradicting popular perceptions that “everything breaks” for a network in the event of a successful 51% attack.
“Suppose that you have 100 ETH on Ethereum, and Ethereum gets 51% attacked, so some transactions get censored and/or reverted,” wrote Buterin. “No matter what happens, you still have your 100 ETH. Even a 51% attacker cannot propose a block that takes away your ETH, because such a block would violate the protocol rules and so it would get rejected by the network.”
“Even if 99% of the hashpower or stake wants to take away your ETH, everyone running a node would just follow the chain with the remaining 1%, because only its blocks follow the protocol rules.”
He added that in the case of Ethereum-based applications, while a 51% attack “could censor or revert” the protocol for some time, the incident would still result in “a consistent state” — meaning that account balances could not be lost.
“If you had 100 ETH, but sold it for 320000 DAI on Uniswap, […] at the end of the day you still have a sensible outcome – either you keep your 100 ETH or you get your 320000 DAI,” Vitalik said. “The outcome where you get neither [or both] violates protocol rules and so would not get accepted.”
Buterin noted that the same is true of Ethereum Layer 2s, asserting that “proper” L2s like Optimism and Arbitrum will revert alongside the mainnet in the event of an attack. There is no way to attack said networks separately to Ethereum’s L1.
Using Wrapped Ether (WETH) held on a Solana bridge as an example, Buterin warns that assets held in cross-chain bridges in the event of a 51% attack would not boast the same guarantees, posing:
“The attacker deposited a bunch of their own ETH into Solana-WETH and then reverted that transaction on the Ethereum side as soon as the Solana side confirmed it. The Solana-WETH contract is now no longer fully backed, and perhaps your 100 Solana-WETH is now only worth 60 ETH.”
Vitalik warns that this issue is exacerbated as the number of chains connected to a given bridge increases, warning that an attack targeting a protocol “with many interdependencies” between chains could cause “a system contagion that threatens the economy on that entire ecosystem.”
While acknowledging that his worst-case predictions are unlikely to materialize soon, Buterin warned that the systemic risks posed by cross-chain bridge security increase alongside their adoption.
Reddit-user “exactly_aquatic” supported Buterin’s comments, asserting that “every L1<->L1 bridge in production has a trusted node or network in the middle that can freeze the bridge deposits.”
However, on Twitter, popular commentator “ChainLinkGod” asserted that “the implementation and adoption of cross-chain smart contracts and token bridges are inevitable,” highlighting the $22B currently locked in bridges connecting Ethereum to other L1s.
“Given that it’s going to happen regardless, the goal shouldn’t be to avoid cross-chain, but have protections in place,” they added.
Buterin emphasized his optimism for a “multi-chain blockchain future” despite criticizing cross-chain security. “There are fundamental limits to the security of bridges that hop across multiple ‘zones of sovereignty’,” he said.
CORRECTION @ FEB 4 3PM ET: Quote attribution corrected.