One of the biggest hacks in the crypto space occurred on Wednesday night. Wormhole, a renowned cross-blockchain bridge, suffered a hack worth $326M. However, Wormhole’s parent company appears to have stepped up to their defense. Jump Trading Group offered to replenish the huge amount lost. This would prevent chaos in the Solana DeFi community.
Wednesday night was not the best of days for the Solana community. Wormhole, backed by Jump Trading, was held ransom by an attacker who minted about 120,000 ether (ETH), over $320 million. Wormhole reportedly offered the hacker a $10M reward to return the stolen funds. However, the attacker moved the bulk of the stolen funds to the Ethereum main chain.
For more on what happened, if this is an issue for cross-chain bridges, and how to protect your funds, please read our Altcoin Buzz analysis of the hack here.
The wormhole network was exploited for 120k wETH.
ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly.
We are working to get the network back up quickly. Thanks for your patience.
— Wormhole🌪 (@wormholecrypto) February 2, 2022
Wormhole wrote to the attacker, “This is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted.”
Wormhole Left Loopholes
Several analysts and security experts alleged that the hack was possible due to Wormhole’s lapses in validating guardian accounts. Another famous white-hat hacker, Samczsun, hinted that Wormhole failed to fully validate all input accounts. As a result, the perpetrator could fake guardian signatures and mint 120,000 ETH on Solana. In addition, the attacker bridged 93,750 back to Ethereum.
tl;dr – Wormhole didn't properly validate all input accounts, which allowed the attacker to spoof guardian signatures and mint 120,000 ETH on Solana, of which they bridged 93,750 back to Ethereum.
— samczsun (@samczsun) February 3, 2022
Wormhole’s dev team later issued a tweet announcing that all funds had been replenished. Furthermore, the cross-blockchain bridge said it had fixed the vulnerability that permitted such a hack. It wrote, “ All funds have been restored and Wormhole is back up. We’re deeply grateful for your support and thank you for your patience.”
The team is working on a detailed incident report and will share it asap
18:26 UTC – contract was exploited for 120k ETH
00:33 UTC – vulnerability was patched
13:08 UTC – ETH contract has been filled and all wETH are backed 1:1
13:29 UTC – the Portal (token bridge) is back up
— Wormhole🌪 (@wormholecrypto) February 3, 2022
Jump Trading, the Big Savior
Sources speculated that Jump Trading Group was the much-needed savior that rescued Wormhole and the entire Solana DeFi community from ruin. The platform is a giant VC and quantitative trading firm with over $700M raised in capital. Jump Trading later issued a tweet that confirmed all suspicions of its involvement. The company, which has a stake in Wormhole, acknowledged replacing the 120,000 Ethereum tokens.
It tweeted, “ @JumpCryptoHQ believes in a multichain future and that @WormholeCrypto is essential infrastructure. That’s why we replaced 120k ETH to make community members whole and support Wormhole now as it continues to develop.”
Several experts raised concerns that the hack could have left some Solana-based protocols that accept ETH as collateral insolvent. As a result, the backup was deemed necessary. However, some users believed the backup came because of the huge VC investment in Solana. According to some social media users, Solana’s dependence on venture capitalists for a bailout is a red flag.
Solana, Bank, or DeFi?
Some others added that VCs only fork out $300M as backup funds after taking in more than that. For some commentators, if Solana crumbled to the hack, a huge chunk of VC investment would go down the drain. A user alleged that the top 1.34% of addresses control 99% of the circulating supply.
One Reddit user wrote, “ Sounds more like a bank and less like defi.” Another quickly chipped in, “ Fundamentally against what crypto stands for as if I need another reason to hate on Solana.” A third user suggested that Solana seemed more like a stock market scam. However, some others doubted that the DeFi space could run without the presence of investors.
Recent DeFi Raid
Decentralized finance has been a booming spot in the crypto market for the past year. However, there have been calls for more regulation scrutiny. Despite the huge profits made in the space, there are also cases of huge losses. DeFi services have suffered more than $2 billion in direct losses due to hacks and attacks.
Last year, hackers broke into Poly Network, a blockchain-based platform, and stole more than $600 million in cryptocurrencies. The hackers later returned the funds. However, it paved the way for further attacks. Recently, Qubit, a cross-chain bridge, got hacked for $80 million. There is a huge need to address these hacks and make DeFi safer.
Join us on Telegram to receive free trading signals.
For more cryptocurrency news, check out the Altcoin Buzz YouTube channel.
