I was originally writing another article, but a significant amount of funds was stolen from Wormhole, a cross-chain bridge that I frequently used on Solana. The hacker stole 120,000 wETH worth $330 million, making it the second-largest hack in the DeFi world.
Because of this incident, I decided to change the topic temporarily and discuss the fundamental relationship between cross-chain, multi-chain, and Layer 2, as well as their future development trends.
Let's briefly review this second-largest hack in the DeFi world: Wormhole is a protocol that allows users to bridge assets across different blockchains. It has locked a total value of over $1 billion and supports six blockchains: Terra, Solana, Ethereum, Binance Smart Chain, Avalanche, and Polygon.
The hacker used their own transactions to cross-chain 120,000 ETH (native) to Solana through Wormhole. However, Wormhole did not properly verify all input accounts, allowing the attacker to deceive the guardians' signatures and minted 120,000 ETH (wETH) on Solana in a 1:1 ratio. They then cross-chained 93,750 ETH (wETH) back to Ethereum.
In short, the hacker used their Ethereum to bypass Wormhole's protocol verification and stole 120,000 ETH (wETH), successfully transferring 93,750 ETH.
In this hack, the potential impact of Wormhole is greater than the apparent impact. wETH is a cross-chain asset and not the native ETH. The real ETH is in the protocol wallet, so bypassing the protocol to mint wETH is equivalent to increasing the supply of 120,000 wETH. This imbalance between wETH and ETH may cause the value of other unaffected wETH to also decline.
Currently, Wormhole has announced that the vulnerability has been fixed, and the protocol has resumed operation. However, there has been no clear response regarding the stolen funds, awaiting further updates.
The Wormhole incident (involving $330 million) combined with the Polynetwork incident (involving $610 million) makes it the two largest hacks in the DeFi world, with a total market value close to $1 billion. These are significant amounts even in the history of global hacking. Interestingly, both of these incidents occurred on cross-chain protocols, raising questions about the issues with cross-chain protocols.
First, let's clarify the concepts of cross-chain and multi-chain. The essential difference between cross-chain and multi-chain lies in security.
In the concept of blockchain, there is a 51% attack, which means that if you have 51% of the current blockchain's computing power/control, you can roll back certain transactions, effectively attacking the blockchain. Because of this, two schools of thought have emerged. One aims to ensure that the entire blockchain is 100% immune to 51% attacks, while the other aims to ensure that even if a 51% attack occurs, the security of assets is not compromised. The emergence of these different schools of thought has led to the birth and rise of different public chains.
Before the rise of multiple public chains, there was not much discussion about this. However, with the rise of multiple public chains in recent years, driven by the DeFi wave, there has been a demand for cross-chain, i.e., the need to transfer user assets from Ethereum to other public chains.
Now, let's imagine a scenario to understand the security differences between cross-chain and multi-chain.
Suppose you hold 100 ETH on the Ethereum blockchain. Now, Ethereum is under a 51% attack, causing some transactions to be rolled back. However, on Ethereum, regardless of what happens, you still have your 100 ETH. Even a 51% attacker cannot propose a proposal to take away your ETH, let alone have Ethereum execute it. Such a proposal would violate Ethereum's protocol rules and be rejected by the network.
The same applies even if an attack occurs during the execution of a transaction. For example, you still hold 100 ETH on Ethereum, but you sold it on Uniswap for 270,000 DAI. If the blockchain is somehow attacked during this transaction, you will still have a clear outcome: either you retain the original 100 ETH or you receive the 270,000 DAI after the transaction. If neither of these outcomes is achieved, it would violate the protocol rules and not be accepted by the Ethereum blockchain.
In short, even if Ethereum is attacked, your assets remain secure.
Now, imagine another scenario. If you move 100 ETH to Solana through a cross-chain bridge and receive 100 wETH, but Ethereum is attacked, and the attacker deposits a bunch of ETH into Solana, confirms the transaction on Solana, and then rolls back the transaction on Ethereum. The attacker would then obtain a large amount of wETH on Solana without actually paying ETH, causing the cross-chain assets to lose their anchoring to the native assets. The 100 wETH you hold may only be worth 60 ETH or even less.
Although the actual theft cases of the two major cross-chain bridges were not caused by 51% attacks, the economic results are the same. This is just an example within two public chains. If cross-chain assets involve more public chains, once they are stolen, it will affect all the public chains simultaneously.
Therefore, holding native assets is safer than holding cross-chain assets. The future of public chains will be a multi-chain trend.
Multi-chain is different from cross-chain. Multi-chain does not require third-party cross-chain bridges or protocols, and there is no collateralized issuance of cross-chain assets. It refers to the seamless transfer of native assets under the same communication protocol. Recently, Cosmos has gained popularity due to the advantages of its IBC communication protocol. After Cosmos becomes compatible with EVM in the near future, it will generate even more significant reactions, but I won't go into detail here.
In conclusion, the essential difference between cross-chain and multi-chain lies in their security. Multi-chain ensures consistent states, meaning that if a rollback occurs, it will be a consistent rollback. However, cross-chain is limited by the different states of different blockchains and cannot achieve synchronous consistency. Once an attack occurs, the balance of cross-chain assets will be disrupted.
The future of public chains and DeFi applications will undoubtedly be multi-chain, with asset security being paramount.
Please note that I do not provide investment advice at any time, and I do not recommend investing in cryptocurrencies. Sometimes, messages in the background may not be displayed, so you can add my personal WeChat for communication. But please indicate the purpose.
If you find my articles useful, you can buy me a cup of coffee as a token of appreciation. Feel free to like and share.
Wiseman's Notes - Liu Ye Jing Hong
Personal WeChat: liuyejinghong_
Reply "web3" in the official account to receive free web3 learning resources.
Reply "Industry Report" in the official account to receive the 2022 industry report for free.
Recommended content from previous issues:
"21. Discussing DeFi Liquidation Logic, Focusing on DeFi's Large-scale Liquidation Line"
"20. The Inevitable Loss for Players in the Current Chain Game's Anti-Human Production Relations: Analyzing the Reasons Why Chain Games Become More Lossy the More You Play"
"19. DAO is Only a Method, Not a Result: Organizations Without These Two Core Elements Cannot Be Called DAO"
"18. The False Prosperity of the NFT Market, but the Future of NFT Forms is Still Promising"