Another day, another attack. Wormhole, the Solana to Ethereum bridge, was exploited on Wednesday, February 2. An anonymous hacker has managed to get away with a fat paycheck, approximately $321 million making this the biggest Defi hack of 2022. How did this happen, and what actions have the Wormhole project developers taken to rectify this? Let’s divulge deeper into this.
WHAT IS WORMHOLE?
Wormhole is one of the largest bridges between Solana and other blockchains, aiming to facilitate seamless transfer of crypto assets across chains with just one integration. On February 2, Wormhole developers confirmed via Twitter that 120,000 wrapped Ethereum was ‘exploited.’ The network has since been taken offline and promises to be back on shortly after strengthening its security.
Optimism developer @kelvinfitcher has looked into the explorers for both Ethereum and Solana to figure out how the attacker managed to walk away with the funds.
Kevin Filcher confirmed on his Twitter thread that Wormhole has a set of “guardians” that sign off on transfers between chains. He notes that the transaction that pulled out 80K Ethereum was the attacker transferring 80K Ethereum from Solana to Ethereum. According to Filcher, it appears that the attacker has managed to spoof the guardian signatures in the bridge and mint ETH in Solana, which they then bridged back to Ethereum.
An analysis from CertiK shows that the attackers managed to profit thus far at least $251M of Ethereum, $47 million of Solana, and $4 Million in USDC, which is a stable coin pegged to the US dollar.
It appears that the Wormhole team has reached out to the attacker and offered them a bug bounty of $10 million for exploit details and the return of Wrapped Ethereum that has been minted.
Wormhole has since reported that the vulnerability had been resolved and the network will be up as soon as possible.
The Ethereum founder Vitalik Buterin, had previously spoken about this specific issue and predicted that the future does not hold cross-chain bridges as they have fundamental flaws on their security.
Solana’s SOL Token is down 11.59% in the last 24 hours following this attack, according to CoinMarketCap.com
What is Solana?
Solana is a blockchain platform designed to host decentralized, scalable applications. Founded in 2017, Solana is an open-source project currently run by Solana Foundation in Geneva, while San Francisco-based Solana Labs built the blockchain. Solana is much faster in terms of the number of transactions it can process and has significantly lower transaction fees than rival blockchains like Ethereum.
What is Ethereum?
Ethereum is a decentralized, open-source blockchain with smart contract functionality. Ether is the native cryptocurrency of the platform. Among cryptocurrencies, Ether is second only to Bitcoin in market capitalization. Ethereum was conceived in 2013 by programmer Vitalik Buterin. Source: Wikipedia.