The recent exploit on Harmony’s Horizon Bridge revealed the inherent flaws with multisig admin keys that leave projects and their users “one small slipup” from deep trouble.
Two crypto project leads expressed concern that the expansion of the multi-chain ecosystem could be hampered by the use of multisig contracts, given the dangers they pose to bridges that are meant to keep crypto funds safe.
Multisig refers to the requirement that multiple individuals approve a transaction. The multichain ecosystem is the conglomeration of hundreds of blockchains with varying consensus algorithms that often interact through token bridges.
Derek Yoo, founder of the Moonbeam blockchain, told Cointelegraph that he advocates for new approaches to security that aim to take the element of human error out of the equation. Yoo said the multichain ecosystem is seeing increased usage due to the “desire to move assets to different chains” but that it needs much better security measures.
Moving assets between chains usually requires token bridges, like the Horizon Bridge, which was exploited on June 23 for about $100 million in crypto assets. Horizon was compromised when two of the signer keys for its multisig contract were discovered by an attacker.
Yoo pointed out that the multisig approach may be the standard for the industry at present, but it is far from a gold standard. In his estimation, there are much more secure designs that could be implemented to bridge tokens, such as using a separate proof-of-stake (PoS) network for transfers. He feels that while developers have to make compromises to get to chains with a lot of activity:
CEO of the Mina Foundation which developed the Mina blockchain Evan Shapiro shares Yoo’s distrust of the multisig