The recent hack of Axie Infinity’s Ronin bridge reveals how proof-of-stake (PoS) chains still struggle with a fundamental flaw in their design, with speed and energy efficiency prioritized over security, an analyst at crypto exchange Huobi has said.
“This hack reflects the continuing challenges that blockchains and operators face in balancing user experience and security,” Huobi Research Institute head Flora Li said in a commentary on Wednesday, suggesting that the low number of nodes on the Ronin network was a fundamental problem.
Although Axie Infinity (AXS) developer Sky Mavis has “pledged to raise the number of required nodes to eight,” this is not enough, Li said. She argued that,
“It still doesn’t solve the fundamental problem of how proof-of-stake blockchains can keep transactions fast, user-friendly, and energy-efficient without compromising security.”
The analyst added that Ronin has taken “shortcuts to relieve network bottlenecks,” and said that cutting down the number of nodes on the network has made it “easier for hackers to exploit.”
The comments from Huobi’s Li came after news broke on Tuesday that the Ronin bridge, which is used to connect the Ronin network to other blockchains, had been drained by hackers for ETH 173,600 and USDC 25.5m, now worth some USD 615m.
Speaking on stage at the Los Angeles NFT Conference on Tuesday, Jeff Zirlin, the co-founder and growth lead at Sky Mavis, reiterated that the team is talking to law enforcement, and said some of the stolen tokens had already been sent to exchanges by the hackers.
Despite the funds already being on the move, Zirlin insisted that there’s a chance that the hackers can still be identified.
As can be expected, this was quickly pointed out by some proof-of-stake critics on Twitter:
Meanwhile, other industry players also hinted that a lack of focus on security and decentralization could be to blame for the attack.
EA Sports, a contributor to DeFi protocol Harvest Finance said in an emailed comment that Ronin is a sidechain secured by nine validators, while only “5 (+50%)” are needed to attack the network – “the attackers got access to the system that operates four of the nodes, and found a bug to access another node.”
They added that,
“This centralization of the validators made it much easier to compromise security and another example of why decentralization is critical.”
A similar concern was also shared by Kadan Stadelamn, chief technology officer of DeFi platform Komodo (KMD), who said the hack “shows why centralized cross-chain bridge solutions may threaten the adoption of cryptocurrencies.”
“Having only nine validators for the Ronin bridge, and four belonging to the same person, is concerning,” he said, adding that pooling all user funds into just one wallet address “is the exact definition of centralization.”
Meanwhile, Ryan Lewis, Technology Consultant at digital asset protection provider Coincover, said that the Ronin hack shows “the classic challenges of usability trumping security when these technologies are so young.”
“There is no doubt this will continue to be the case as the crypto industry matures but the stakes are extremely high and security can certainly not take a back seat,” he said in an emailed comment.