Even though the DeFi universe has grown exponentially over the last years, the still-evolving ecosystem has become the breeding ground for malicious actors. On one end, the DeFi market is witnessing an inflow of billions of dollars and helping manifest blockchain’s vision of more democratized and inclusive access to financial services. At the same time, hackers are siphoning off millions in the blink of an eye. This recurring problem needs to stop if DeFi wishes to expand its footprint across the larger market.
Take, for instance, the latest Wormhole network exploit. Hackers exploited the flawed logic in the bridge between Solana and Ethereum blockchains, stealing over $325 million. In general, any transaction triggered through the Wormhole Bridge to Solana requires two things: a valid transaction signature and a “Guardian” approved validation node. Once both conditions are satisfied, the Solana network approves the transaction request. However, in the case of an invalid transaction signature and a valid guardian, the underlying determiners for initiating a transaction don’t match up, leading Solana to deny the mint request.
In Wormhole’s recent exploit, the hacker used an invalid signature and a non-guardian to create two different unapproved conditions. Since the process relies on matching conditions, in this case, a valid signature and guardian, to process transaction requests, the underlying code considered the two “invalid conditions” generated by the hacker as a “match.” As a result, the hacker minted 120,000 wETH, worth around $325 million, on Solana without depositing the corresponding amount of ETH in Wormhole.
For now, the vulnerability has been patched, and the Wormhole management team has reassured users that stolen funds would be returned. However, the team didn’t specify who would provide the funds to backstop the wETH on Solana.
Multi-Party Computation (MPC) To The Rescue
The Wormhole bridge exploit highlights the growing trend of exploits on cross-chain protocols, raising important questions about the promised security of blockchain networks. While interoperability and cross-chain communication are essential to DeFi, the underlying concept of “validation via signatures” needs a significant overhaul to ward off malicious attempts.
This is where multi-party computation (MPC) comes into the picture. While the core concept of requiring multiple parties or proofs (like signatures) to approve transactions is a common feature used by blockchain wallets, Partisia Blockchain’s MPC technology further diminishes the chances of exploits by distributing signature power to multiple parties.
Most existing signature-based transaction approvals rely on a single point of trust, but with Partisia’s MPC model, there’s no single point of trust. Instead, the security feature is distributed across the entire Partisia Blockchain, effectively removing problems like a fraud.
Leveraging the power of ZK (zero-knowledge) computations for on-chain, off-chain, and cross-chain transactions, the MPC model adds privacy and confidentiality with no single point of trust. A subset of the secret keys, but not the entire secret key set, is stored in entirely modifiable endpoints in MPC. These endpoints are used in conjunction to build a consensus, and a minimum number of endpoints must be reached for a transaction to be successful.
According to Kurt Nielsen, the President and Co-founder of Partisia blockchain, “Interoperability via token bridges exhibits immense potential to become a main value creator in the blockchain ecosystem. However, as we saw in the Wormhole exploit, moving tokens outside their established security model poses significant challenges and vulnerabilities. Our answer is more sophisticated, proven audit principles and large-scale MPC security measures.”
He further explains, “First, a regularly expiring Oracle effectively and transparently represents the values across the different blockchains like the double-entry bookkeeping that has proven its worth since the Medici Bank in the 14th century. Second, large scale MPC security measures avoid the accumulation of financial risk across Oracles or epochs. Third, the nodes operating the Oracle in a given epoch provide collateral to back the transferred values and finally, objective imbalances are compensated through a decentralized dispute process.”
The Partisia team is a pioneer in the MPC space, offering commercial-grade MPC software solutions to global enterprises since 2008. It has been involved in bringing the power of MPC to blockchain since 2017, gradually building a privacy-focused solution that ensures DeFi users get access to greater trust and security in moving their assets between individual ecosystems. By merging blockchains and ZK computations in a collaborative fashion, Partisia addresses the privacy and interoperability security issues of on-chain, off-chain, and cross-chain transactions.