The popular Solana Wormhole bridge linking the Ethereum and Solana blockchains lost more than $320 million Wednesday afternoon in an apparent hack.
Developers representing Wormhole confirmed the exploit on its Twitter account, saying that the network is “Down for maintenance” while it looks into a “potential exploit.”
‼️ The wormhole network is down for maintenance as we look into a potential exploit.
? We will provide updates here as soon as we have them.
? Thank you for your patience.
— Wormhole? (@wormholecrypto) February 2, 2022
It is DeFi’s second biggest exploit ever, after the $600 million Poly Network crypto heist, and it is the largest hacker attack on Solana till now, and increasingly gaining traction in Non-Fungible Token (NFT) and Decentralized Finance (DeFi) ecosystems.
Wormhole is a protocol that lets users move their tokens and NFTs between multiple blockchain (Solana and Ethereum).
According to CertiK, blockchain cybersecurity firm, the attacker steal at least $251 million worth of Ethereum, nearly $47 million in solana, and more than $4 million in USDC, a stablecoin pegged to the price of the U.S. dollar. As per Etherscan, 80,000 in Wrapped ETH (WETH) was transferred into the hacker’s wallet.
CertiK’s analysis shows that the attacker exploited a vulnerability on the Solana side of the Wormhole bridge to create 120,000 so-called “wrapped” Ethereum tokens for themselves. (Wrapped Etherum tokens are pegged to the value of the original coin but are interoperable with other blockchains.) It appears that they then used these tokens to claim Ethereum that was held on the Ethereum side of the bridge.
Prior to the exploit, the bridge held a 1:1 ratio of Ethereum to wrapped Ethereum on the Solana blockchain, “acting essentially as an escrow service,”. “This exploit breaks the 1:1 peg, as there is now at least 93,750 less ETH held as collateral,” Certik’s report.
Developers are now negotiating with the hackers, who sent an on-chain message on Notifi requesting the return of the funds for 10 million (4.7%) :
Ethereum co-founder Vitalik buterin, previously said that bridges won’t be around much longer in the crypto ecosystem, in part because there are “fundamental limits to the security of bridges that hop across multiple ‘zones of sovereignty.’”
My argument for why the future will be *multi-chain*, but it will not be *cross-chain*: there are fundamental limits to the security of bridges that hop across multiple "zones of sovereignty". From https://t.co/3g1GUvuA3A: pic.twitter.com/tEYz8vb59b
— vitalik.eth (@VitalikButerin) January 7, 2022
“The $320 million hack on Wormhole Bridge highlights the growing trend of attacks against blockchains protocols,” said CertiK co-founder Ronghui Gu. “This attack is sounding the alarms of growing concern around security on the blockchain.”