So guys, get this, hackers have been at it again, this time exploiting a vulnerability on popular crypto bridge, Wormhole, and making off with more than $320 million, the second biggest DeFi exploit to date and the largest attack on Solana, and ya can't say Ethereum founder, Vitalik Buterin didn't call this weeks ago. Let's get into it.
What is a Crypto Bridge?
According to , a crypto/ blockchain/ cross-chain bridge is an interoperability protocol which connects two blockchains and allows users to send cryptocurrency from one chain to another. While the blockchains mint different coins and operate with different rules, the bridge allows users to smoothly switch between one or the other without the use of a centralized exchange.
Wormhole, one of the more popular bridges, announced its "safe" and trustless bridge between Ethereum and Solana in September 2021. Today, Wormhole has over $1 billion in total value locked, and, according to its Twitter account, supports seven different blockchains including Avalanche, BINANCE Smart Chain, Ethereum, Oasis, Polygon, Solana, and Terra.
In this instance, however, the threat actor was able to exploit a vulnerability on the Solana side of the SOL-ETH bridge and make off with millions.
And I'm not one for foul language, but...
Hacking a Wormhole
So, according to reports, the attacker minted 120,000 wrapped ETH (wETH/ WETH) on the Solana side of the bridge, redeemed 93,750 WETH for ETH worth $254 million, and swapped the remaining WETH for SOL and USDC on Solana, $44 million.
And if you're wondering how the exploit worked, here's a breakdown:
And according to reports, CertiK, smart contract auditing firm and overall bearer of great news, is also reporting that a similar vulnerability exists on Wormhole's bridge to Terra.
Well, what are you waiting on Wormhole guys? Get on it, stat!
Wormhole Responds
Wormhole's portal bridge is down at the moment as the team scurries to assure users that a fix has been deployed and, most importantly, "all funds are safe".
On Twitter, the team has assured that ETH will be added over the next hours to ensure that wETH remain backed 1:1 although it's not clear where they're getting these funds from. And if this Twitter user's response counts for anything, well...
Anyways, the Wormhole team contacted the hacker through their Ethereum address and offered the hacker a whitehat agreement, suggesting a bug bounty of $10 million worth of funds for exploit details and the return of the minted wETH.
Will the hacker take the bounty and move on without the complications? Who knows?
SOL Drops Again
Man, Solana can't seem to catch a break these days. Since reports of the hack, SOL has fallen more than 13%, trading at approximately $95 at the time of writing, even as Solana Labs announces its new decentralized digital payment platform, Solana Pay.
What Vitalik Said...
So, like I said, guys, Vitalik warned y'all.
In a tweet on January 7th, Vitalik stated that there are fundamental limits to the security of bridges that hop across multiple "zones of sovereignty"
He states, and I quote, "Imagine what happens if you move 100 ETH onto a bridge on Solana to get 100 Solana-wETH, and then Ethereum gets 51% attacked. The attacker deposited a bunch of their own ETH into Solana-WETH, and then reverted that transaction on the Ethereum side as soon as the Solana side confirmed it. The Solana-WETH contract is now no longer fully backed, and perhaps your 100 Solana-WETH is now only worth 60 ETH..."
Now Vitalik, bro, while this is not the exact scenario on Wormhole, you've be thinking someone read this tweet, followed your train of thought and, well, imagined, right?
Anyways, guys, what do you think of this latest development? Me, I'm seeing conspiracies around every corner. Listen, I know you're gonna find criminals and creeps wherever you go, whatever you do, and especially as long as there's value and currency exchanging hands in some form, sometimes I think these guys are plants, liking warning signs, right? Making the case for crypto and crime. Because shiiid, seems like you can't go a full month without a report of some multimillion dollar crypto hack or theft.
Lemme know your thoughts on this one, guys. In the meantime, I'm off with my magnifying glass and my dear digital Watson to follow the clues in this developing story. Until the next time, please be safe, arriverderci!
