Wormhole, a popular multichain bridge was recently exploited for 120,000 wETH, approximately $320 million. This is the 2nd largest hack in the last year, where Poly Network was hacked for $611 million.
Therefore, in this article, you will discover everything about the Wormhole hack. But first, let’s take a look at the recent timeline of crypto hacks.
Crypto Hacks Timeline
According to Elliptic, we have lost almost $ 2 billion just from the Top 5 Hacks. While exchanges and other protocols have strengthened their security, cross-chain protocols are showing the most vulnerability now. Note that, Poly Network is also a cross-chain protocol.
So, what is causing such Hacks? Are we using products that are just experiments? Will Wormhole be able to recover? What is the future of cross-chain bridges?
This is what Happened with Wormhole’s Hack
Wormhole uses the “Guardian” model, a system of multiple decentralized cross-chain oracles. The Solana Node validators run these systems and “the guardians” are responsible to sign off any transaction. In the case of bridges, they lock the bridged token on Solana and then mint new tokens on the corresponding chain.
In short, the hacker has replicated the verification signatures and the transaction looked was approved. Here is the timeline:
- The hacker first created a legitimate transfer of 0.1 ETH from Ethereum to Solana. Therefore, the Guardians validated this.
- The hacker exploited a vulnerability in the Solana chain. He created his account that stored the same data that Instructions silver would have stored. This process bypassed signature validation entirely. Then, he minted 120,000 ETH in the Solana chain.
- He was able to bridge the ETH to the Ethereum Network. Here is one of the larger transactions.
More About the Wormhole Hack
The hack has caused a disparity between the “ETH: WETH” ratio. WETH is usually backed 1:1 with ETH. The replenished ETH has also been added back by Jump Crypto which owns Cetrus One, the company behind Wormhole.
Jump Trading group is already a well-established research-driven trading firm in the traditional market. They did not disclose the terms of this action.
Moreover, after the hack, the Wormhole team has deployed a fix to the vulnerability. The network is also back up now.
Also, Wormhole has offered the hacker a $10 M bounty to return the funds. They sent the below message to the hacker’s Ethereum address. You can find the message in the picture below:
What should you do as a user?
The hack will not hugely impact normal users. Most of us use bridges for one-direction transfers and then use up the fund for various purposes. In case the ETH loses peg, you have lost the value of your Solana ETH in the Ethereum ecosystem and also you are unable to get back your original currency and stuck in the 2nd chain. As Jump Crypto has now brought back the peg by adding back the ETH from their fund, the bridge should act normally.
We would always recommend you to use safer bridges like Celer C Bridge.
So, should you continue using Bridges? Bridges are stop-gap arrangements. They do not solve the fundamental problem that Blockchains do not talk to each other. The current lock and mint bridge architecture have multiple drawbacks:
- As bridges are becoming multichain, the trail of a particular token is getting spread across multiple chains. Multiple dApps will use these tokens, so this will create interdependencies between the chains. Therefore, this threatens the economy of the entire ecosystem.
- As bridges lock a huge volume of ETH and can be a single failure point, the incentive to attack bridges is very high.
Wormhole, a DeFi bridge between Solana and other blockchains, has reportedly been exploited – with $260 million stolen. That makes it the fifth largest #crypto hack of all time.
Wormhole has offered the attacker a $10 million "bounty" to return the funds. pic.twitter.com/jKKEqFhbR2
— Tom Robinson (@tomrobin) February 2, 2022
Read more on what Vitalik Buterin has to say about this here. If you want to know more about Ethereum bridges, look for Optimism or Arbitrum.
Finally, the future belongs to multichain blockchains wherein the core there is the Layer 0 chain that ideally feeds on security and governance to its network blockchain. This makes all such blockchains interoperable. The Polkadot Parachain network and Cosmos IBC are great examples.
To learn more about the resolution to this hack, Jump Trading’s involvement, and whether their involvement is positive or negative for the industry, check out our follow-up here.
Join us on Telegram to receive free trading signals.
For more cryptocurrency news, check out the Altcoin Buzz YouTube channel.