A cautionary tale about pegged tokens…
I wanted to write this post to explain that not all pegged tokens in the cryptocurrency space are created equal. Last year (2019) I lost some money due to a hack that happened with a pegged token on the IOST blockchain, and I haven’t seen many talk about this. I feel that it’s important to document this situation so we can learn from it and grow.
What are pegged tokens?
Here’s a quote on the subject from Trust Wallet:
‘Peg’ means to tie the value of one crypto to another. The main purpose of these tokens is to allow trading of the assets in DEXes that is not currently possible due to their different blockchains.
What are Pegged Tokens?
Typically you see pegged tokens used to bring one cryptocurrency to a different blockchain. Probably the most popular pegged asset is WBTC, or Wrapped Bitcoin. 1 BTC is held for every WBTC issued on the Ethereum blockchain, and this enables users and developers to build applications that use Bitcoin on Ethereum. Pretty cool!
So what’s the issue?
The issue arises with how the tokens backing the pegged token are stored, and/or how the pegged token is minted. In the case of WBTC a centralized group is in charge of custody over the BTC backing WBTC, and they’re also in charge of swapping WBTC to BTC and vice versa.
Having a centralized group maintain custody of the BTC is not ideal for many reasons, the main reason being security. A single hack of the custody wallet could clear out all of the BTC, making WBTC worthless. This is exactly what we saw happen on the IOST blockchain.
iTRX – Tron on IOST
In June of 2019 a team running a casino on the IOST blockchain created the iTRX token. The goal was really simple: allow users to swap their Tron for iTRX so Tron could be used to gamble on IOST. This was implemented in a centralized fashion similar to WBTC. An off-chain service would watch for TRX deposits on Tron and mint iTRX on IOST. When iTRX was deposited, the service would burn the iTRX and release the TRX backing it.
In the beginning iTRX accomplished its goal: it brought many Tron users and holders to the IOST blockchain. iTRX was so successful that other dapps started to add support for it, including my own dapp BlockArcade.
It was great while it lasted! In late 2019, during a sale of the casino platform, the server running the centralized off-chain service was hacked. A hacker gained access to the server, found the private key for the wallet containing the TRX, and stole all of the TRX that was supposed to be backing iTRX.
In a matter of minutes all iTRX held by users and dapps was rendered worthless. You could no longer swap iTRX back to TRX since there was no more TRX. Obviously this was a big hit for the community: over 5 million TRX tokens were stolen.
This was an easy hack because there was a single point of failure in the system, a single server that when hacked could bring the iTRX token down.
How can we avoid worthless pegged tokens?
Let’s look at a comparison of how WBTC works vs tBTC, a new decentralized competitor.
On the left we see WBTC which I covered above, a single entity handles everything off chain. This is the setup that was implemented for iTRX and clearly it’s far from ideal. As users we just have to trust that the WBTC (or iTRX) creators will do the right thing.
On the right we see a slightly more complicated setup from the tBTC team. Here a decentralized network of nodes watches for BTC deposits in a multi-signature wallet on the Bitcoin blockchain. After enough nodes have witnessed the deposit and are able to validate it, a multi-signature transaction is issued to mint the tBTC ERC-20 token. A similar process is followed to go from tBTC back to BTC.
The main difference between the WBTC and tBTC setups is decentralization. With tBTC there’s not a single entity that can mint tBTC, or move the backing BTC. This also means there’s not a single point that can be hacked to bring the token down. This is clearly better for security, better for decentralization, it’s just better!
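To make the difference concrete, here is a simplified model of the two authorization rules, added as an example and not taken from iTRX, WBTC or tBTC. It assumes a 3-of-5 quorum, constructed demo keys and a constructed release request, and uses HMAC-SHA256 as a stand-in for real digital signatures.

```python
import hashlib
import hmac

# Constructed demo keys. HMAC-SHA256 stands in for real digital signatures.
NODE_KEYS = {f"node{i}": f"demo-secret-{i}".encode() for i in range(1, 6)}
THRESHOLD = 3  # assumed quorum: 3 of 5 nodes must approve


def sign(node_id, key, message):
    """Produce one node's approval tag over a mint or release request."""
    return node_id, hmac.new(key, message, hashlib.sha256).hexdigest()


def count_valid(message, approvals, keys):
    """Count distinct known nodes whose tag verifies for this exact message."""
    seen = set()
    for node_id, tag in approvals:
        key = keys.get(node_id)
        if key is None or node_id in seen:
            continue  # unknown signer, or the same node counted twice
        expected = hmac.new(key, message, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, tag):
            seen.add(node_id)
    return len(seen)


def authorize(message, approvals, keys, threshold):
    """Release or mint only when at least `threshold` distinct nodes approve."""
    return count_valid(message, approvals, keys) >= threshold


def demo():
    release = b"release 5000000 TRX to ADDRESS_PLACEHOLDER"  # constructed request
    stolen = sign("node1", NODE_KEYS["node1"], release)  # one server compromised

    # Centralized custody (the iTRX setup): one key, threshold of one.
    single = authorize(release, [stolen], {"node1": NODE_KEYS["node1"]}, 1)

    # Threshold custody: the same stolen key, even repeated, is not a quorum.
    repeated = authorize(release, [stolen, stolen, stolen], NODE_KEYS, THRESHOLD)

    # Honest path: three different nodes witnessed the request.
    quorum = [sign(n, NODE_KEYS[n], release) for n in ("node1", "node2", "node4")]
    honest = authorize(release, quorum, NODE_KEYS, THRESHOLD)
    return single, repeated, honest


if __name__ == "__main__":
    print(demo())
```

With one stolen key the centralized rule approves the release, while the quorum rule refuses it until three distinct nodes have approved the same request.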
Wrap up
My goal with this post is not to shame anyone or point fingers; I just wanted this situation documented so we can work together to avoid it in the future. It’s my opinion that we should avoid building or using centralized pegged tokens, and focus our time and efforts on building solutions that are built to last.
There are teams doing good work in this space today, like the Bitfrost project which uses a Polkadot parachain to come to consensus on actions performed on different blockchains.