If you want to do business or invest in crypto, sending funds from one blockchain to another is one of the biggest hassles.
Cross-chain payments are particularly problematic in decentralized finance (DeFi), where yield-farming profits often rely on moving funds from one project to another quickly. But any commerce between different blockchains requires using a native token from the correct chain.
There are two ways to do this: Go through an exchange. Or use a wrapped token, such as wrapped bitcoin (wBTC) and wrapped ether (wETH).
Wrapped tokens provide the interoperability and cross-chain liquidity that the crypto world is fast finding a necessity — and they do it very simply.
Send the token you have, for example a bitcoin, to a custodian. The custodian stores it and mints a new, Ethereum-compatible wBTC token. Send it back, and the custodian returns your bitcoin. While there is a fee, it’s generally cheaper and faster than going to an exchange.
Suddenly, payments are a lot easier in an ecosystem where most blockchains are siloed, closed off by the need to use their own native tokens to send or receive anything.
Granted, there are some exceptions: Polkadot, an “Ethereum killer” smart contract platform that calls itself a “blockchain of blockchains,” solves the problem by bundling 100 “parachains” around a central chain through which all can pass transactions between any of its separate tokens.
See also: The Most Ambitious of the ‘Ethereum Killers,’ Polkadot’s Launch Could Begin the Reinvention of DeFi
But even then, it needs to be able to connect with other blockchains like Ethereum and Bitcoin, so it uses the cross-chain payments bridges that mint wrapped tokens.
Bridging the Gap
While the terms can be used generically, wrapped bitcoin and wrapped ether are both specific tokens issued by specific, centralized companies — BitGo for wBTC and 0x Labs for wETH — and sold by third parties.
Those are three-party transactions: The merchant takes the customer’s bitcoin, sends it to BitGo and receives a wBTC in return. Those custody arrangements have been solid.
The name wrapped token can be misleading, as it suggests you are carrying your original token with you. But a better way to think of it is a safety deposit box. You get the new currency but leave the old one in a bank vault.
Which means it is only as secure as the bank you’re storing it in. The problem is that many of the platforms that wrap and unwrap tokens are bridges, which have been attracting hordes of hackers.
See more: The $100M Hack and Crypto’s Cross-Chain Payments Problem
And those hackers have been hugely successful, with blockchain data firm Chainalysis announcing on Aug. 2 that a staggering $2 billion had been stolen in just 13 cross-chain bridge hacks. More than half of that came in the first quarter alone.
“Bridges are an attractive target because they often feature a central storage point of funds that back the ‘bridged’ assets on the receiving blockchain,” the company wrote. “Regardless of how those funds are stored — locked up in a smart contract or with a centralized custodian — that storage point becomes a target.”
In addition, many bridges are work-in-progress DeFi projects that need frequent updates, and a number of the biggest hacks have exploited that weakness.
The Chainalysis report came the day after the $190 million Nomad cross-chain bridge hack, in which an update left a flaw so big that hundreds of opportunists were able to duplicate original thief’s transaction to repeat it.
“All you had to do was find a transaction that worked, find/replace the other person’s [digital wallet] address with yours, and then rebroadcast it,” said Sam Sun, a researcher for Paradigm, a Web3 investment firm, in a post-mortem of the Nomad hack. “Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all.”
See here: Hack of Crypto Payments Bridge Turns into $190M DeFi Free-for-All
The Peg Problem
Another problem with wrapped tokens, especially ones for smaller blockchains, is that they bear some resemblance to stablecoins. Both are, in effect, a token that promises a one-to-one peg with the wrapped cryptocurrency, backed by a reserve of those tokens.
And like stablecoins, the stability of that peg is dependent on whether people trust they will be able to redeem their collateral on demand. So any crisis could potentially cause them to lose their peg.
Yet most of their weaknesses boil down to custody issues rather actual problems with their ability to make transactions across different blockchains faster, simpler and cheaper.
For all PYMNTS Crypto coverage, subscribe to the daily Crypto Newsletter.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More