Wormhole token bridge that links the Ethereum and Solana blockchains, seemingly an unimportant piece of tech for its function, lost over $321 million Wednesday afternoon.
This is the largest attack to date on Solana. A competitor to Ethereum that’s progressively gaining grip in the non-fungible token (NFT) and DeFi ecosystems. The $600 million Poly Network crypto heist was bigger, but it involved cryptocurrencies rather than blockchain technology, which may explain why critics call this new development “pretty historic.”
The heist occurred on Solana’s side. The discovery of a vulnerability on the Solana side has raised concerns that it could be similarly vulnerable to Wormhole’s bridge.
The Wormhole team announced that they would replenish the Ethereum (ETH) supply to make sure wETH is backed 1:1, but it’s not clear where those funds come from or when.
The assailant managed to hack into a smart contract and steal $321 million worth of wETH. The heist happened at 6:24 pm UTC on February 2nd when 120,000 wETH were minted by an attacker who then redeemed 93,750 wETH for ETH, equivalent to $256 million. These funds allowed them to buy SportX (SX), Meta Capital (MCAP), Finally Usable Crypto Karma (FUCK) & Bored Ape Yacht Club Token (APE).
With the remaining WETH swapped for USDS and SOL on Solana, the hacker now holds 432,662 SOL ($44 million) in Solana wallet.
CertiK, a smart contract auditing firm, reported potential vulnerabilities within Wormhole’s bridges to other blockchains in today’s press release. However, the report says that it “is possible” patches or upgrades could address these shared concerns.
Is Wormhole Lucky Enough As Poly Network?
The Wormhole team is serious about getting their money back. They’ve offered a $10M bug bounty, which they will pay out if anyone can find an exploit to return it.
“This is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement and present you a bug bounty of $10 million for exploit details and returning the wETH you’ve minted. You can reach out to us at email@example.com.”
The Wormhole team is working hard to fix an exploit reported recently. Unfortunately, as of now, wETH tokens sent across the bridge are not yet redeemable while they strive in their effort.
Two smart contract exploits in a week. The first one was on Qubit Finance’s token bridge last Friday, and now this new vulnerability. It reminds us very much about Poly Network hack where they stole nearly $610 million from investors. Poly Network was lucky enough to get its funds back through whitehat hacker intervention.
Related Reading | Poly Network Confirms Hacker Has Returned Most Of The Stolen Crypto
Tech Giants Reviews on Token Bridge Heist
Vitalik Buterin’s warning that “fundamental security limits” on token bridges has come true by recent events. The frequency of smart contract hacks emphasizes his point about layer-1 blockchains being vulnerable. Moreover, hackers pillage other platforms for their gunfire fodder and attack routes into new territory without any defense against such tactics.
We reached out to Ali Qamar, Cyber Security Expert and PrivacySavvy founder, for comment on the hacker exploiting a security flaw to mint wETH without depositing any ETH themselves. The privacy education hub lead brain commented,
The heist is a reminder that the DeFi services’ security is yet to reach a level appropriate for the enormous amounts of funds being stored within them. Blockchain transparency seems to allow attackers to spot and exploit significant bugs.
What Is Token Bridge
Ether is the most popular blockchain network in use today, and it’s being looked at by many people who want to replace banks or lawyers when working with smart contracts. However, there are other options available such as Solana – which might be cheaper & faster depending on your needs.
The introduction of cross-chain bridges has made it easier than ever for Crypto holders to operate outside their ecosystem, with no limitations on where they send or receive cryptocurrencies from.
Related Reading | What Are Blockchain Bridges?
The Wormhole is a revolutionary new protocol that allows users to move their tokens and NFTs between Solana, Ethereum’s most popular smart contract platform.
Investor excitement about the potential for Solana’s network to become more widely used led it into the crypto top ten last year. The price of one token has increased by 1,600% since February 2021. The combined value reached an all-time high last year, with $78 billion worth.
Bitcoin price is 4% down since the recent heist. Source: Tradingview.com
However, the Solana value has fallen quickly since the recent crypto heist and currently trades at under $100 per token. Furthermore, the decline relates to a broader crypto market crash. The crash hit bitcoin and other major cryptocurrencies such as Ethereum or lite coin. As a result, their values have dropped significantly over time.
Featured image from Pixabay, chart from TradingView.com