
It is possible to withdraw over $121 million from twelve separate Ethereum-based Layer 2 networks, which would have a devastating effect on each ecosystem.

All hackers would need to pull this off is the multisig wallet of Conduit, the most widely used Rollup-as-a-Service (RaaS) platform for launching such chains. Andrew Huang, founder of Conduit, has reassured the community that they need not be concerned about this possibility, despite the widespread alarm. We should discuss the matter further.

Recall that a multi-signature ("multisig") wallet requires two or more signatures before a transaction can be finalized. Developers use this feature to make their blockchain projects more secure, because it makes it much harder to hack into a particular store of digital assets. Developers and users alike can rest easy knowing that even if a hacker gains access to one signer's wallet, they will still be unable to empty the multisig without a signature made with a different key.

Users are flocking to Ethereum-based L2 networks for their cheap fees and comparatively quick transactions. Furthermore, Dencun, an extensive upgrade to the Ethereum network, was activated earlier on March 13. Its main effect was a notable decrease in fees on second-layer chains.

There are a lot more transactions happening on the top L2 networks than on the main Eth network. For instance, in April, a record 82% of transactions occurred on such chains (yellow), while only 18% occurred on the main Ethereum network (orange).

Activity on the Ethereum main network and L2 networks compared

Blockchain systems’ potential dangers
Some networks were in danger, including Zora, Aevo, Hypr, Ancient8, Lyra, Mode, Pgn, Parallel, and Metal. The RaaS provider Conduit, a dedicated platform for developing rollups, was used to create all of them. Meanwhile, rollup is the go-to method for scaling Ethereum-based second-layer networks. Central to it is the processing of transactions and data entry into this chain that takes place outside of the main network, also known as the Eth mainnet.

Researcher Luca Donno of L2BEAT, who goes by the pseudonym donnoh.eth on Twitter, brought attention to their vulnerability in a related tweet. Before this, 0xMert_, the Twitter handle of Helius CEO Mert Mumtaz, expressed his thoughts on Conduit’s centralization.

The team took the Degen L3 network offline to do technical work after he published a screenshot of Conduit’s official announcement about the problems. That is to say, there is no way to discuss autonomy and decentralization when the RaaS provider can just turn off the network, creating a single point of failure.

Informing the public about issues with Degen

Donno elaborated by saying that a single address allows a Conduit representative to affect transactions in all of the aforementioned rollups. The official Zora documentation makes note of this wallet, which serves as the ProxyAdminOwner, a role with the ability to update the integration of bridges between certain chains.

Without getting too technical, the wallet can access funds in any network that was created using Conduit.

Documentation for Zora’s multisig wallet

As an example, the amount of locked funds reaches $72 million in the Aevo network alone. Experts agree that the aforementioned wallet opens up nearly “unlimited” options for network administration.

Aevo project documentation includes a multisig wallet.

Locked up on the Lyra network are assets worth around $20 million. You can find the same wallet called ConduitMultisig in the relevant documentation here.

The Lyra project documentation includes a multisig wallet.

Andrew Huang, founder of the RaaS provider, confirmed this information in an interview with representatives from Cointelegraph. He went on to say that the wallet is secure because of a multi-signature system; in other words, a hacker would need the nearly impossible-to-obtain private keys of three out of five wallet owners in order to access the funds. On top of that, because the keys are stored offline, an attacker could reach them only through physical access.
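The concentration described above can be checked mechanically by a reviewer. The following is an added example, not code from the article or from Conduit: it groups rollups by the wallet listed as their upgrade admin and reports how much value sits behind each shared multisig. The addresses, the Zora and ExampleChain rows, and the 2-of-3 policy are constructed placeholders; only the Aevo and Lyra amounts and the 3-of-5 policy come from the text.

```python
import re
from collections import defaultdict

# Placeholder addresses, constructed for this example (not real wallets).
SHARED_SAFE = "0x" + "a1" * 20
OTHER_SAFE = "0x" + "b2" * 20

# (chain, ProxyAdminOwner as transcribed from the chain's docs, locked USD).
# Aevo and Lyra amounts are the article's; the other rows are constructed.
ROLLUPS = [
    ("Aevo", SHARED_SAFE, 72_000_000),
    ("Lyra", "0x" + "A1" * 20, 20_000_000),  # same wallet, different casing
    ("Zora", SHARED_SAFE, 10_000_000),
    ("ExampleChain", OTHER_SAFE, 5_000_000),
]

# Multisig policy per wallet: (signatures required, total owners).
SAFES = {SHARED_SAFE: (3, 5), OTHER_SAFE: (2, 3)}


def normalise(address):
    """Validate a 20-byte hex address and lower-case it for comparison."""
    if not re.fullmatch(r"0x[0-9a-fA-F]{40}", address):
        raise ValueError(f"not an address: {address!r}")
    return address.lower()


def shared_admin_findings(rollups, safes):
    """Return wallets that are upgrade admin for more than one chain."""
    policies = {normalise(a): p for a, p in safes.items()}
    by_owner = defaultdict(list)
    for chain, owner, locked_usd in rollups:
        by_owner[normalise(owner)].append((chain, locked_usd))
    findings = []
    for owner, members in by_owner.items():
        if len(members) < 2:
            continue
        # A wallet with no known policy is treated as a single key.
        required, owners = policies.get(owner, (1, 1))
        findings.append({
            "owner": owner,
            "chains": sorted(c for c, _ in members),
            "exposure_usd": sum(usd for _, usd in members),
            "keys_required": required,
            "owners": owners,
        })
    return sorted(findings, key=lambda f: f["exposure_usd"], reverse=True)


if __name__ == "__main__":
    for f in shared_admin_findings(ROLLUPS, SAFES):
        print(f"{f['owner']}: {f['keys_required']}-of-{f['owners']} keys "
              f"control {', '.join(f['chains'])} (${f['exposure_usd']:,})")
```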

The use of multiple signatures to secure a bitcoin address is a viable option. But it’s not just him; Conduit’s centralization is the root of the problem. Despite Huang’s assurances that the security system will soon be enhanced, five out of seven keys are already required to access the wallet. On a global scale, though, this won’t help.

As Ethereum and other altcoins gain traction, second-layer networks built on the platform may attract a greater number of users and investors. The first Ethereum spot ETF is anticipated to be approved by the US Securities and Exchange Commission this week, marking a surprising shift in their stance.

As a result, attention will turn to Ethereum and its associated ecosystem, which comprises L2 networks, with the introduction of a new investment instrument.

Monthly fluctuations in the price of Ethereum (ETH)

The first cryptocurrency hit a new all-time high of $73,777 on March 14th, despite the fact that the launch of spot Bitcoin ETFs on January 11, 2024, attracted huge capital.

Funds are still pouring in today. For instance, as of Wednesday, $153.9 million had poured into US-based spot Bitcoin ETFs, with $91.9 million coming from the iShares Bitcoin Trust (IBIT) of BlackRock, the biggest investment firm in the world.

Money going into and out of spot Bitcoin ETFs

On top of that, the ETF rankings that use Bitcoin volume as their basis crowned BlackRock’s product number one for the first time this week. Thereafter, Grayscale’s GBTC regained the lead, albeit with a very fragile advantage.

Midway through the week, the Bitcoin ETF from BlackRock was ranked first among similar products.

Since an attacker would have to gain access to multiple wallets simultaneously to steal the specified amount in the listed L2 networks, such a theft seems implausible. At the same time, the situation exposed a major issue with the decentralization of such chains, which those who create them typically do not hide. For instance, in Coinbase’s widely used Base solution, a single sequencer node is in charge of adding new transactions and maintaining the chain’s overall operation; Coinbase oversees this node. Therefore, this is a pivotal moment for decentralization advocates.
