Wormhole, a Solana and Ethereum bridge, suffers a $320M hack

2 years ago 147
Wormhole hack

Wormhole, a bridge that links Ethereum and Solana, has lost over $320 million (£236.08 million) to a malicious actor. A report unveiled this news on February 2, noting that the attacker stole the funds earlier that day. The developers behind the Wormhole protocol confirmed this news on Twitter.

The wormhole network was exploited for 120k wETH.

ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly.

We are working to get the network back up quickly. Thanks for your patience.

— Wormhole🌪 (@wormholecrypto) February 2, 2022

As a result, the developers shut down the wormhole network to look into the network. In a subsequent tweet, the Wormhole team disclosed that it had fixed the vulnerability and is working to get the network back up as soon as possible.

The vulnerability has been patched.

We are working to get the network back up as soon as possible.

— Wormhole🌪 (@wormholecrypto) February 3, 2022

At the time of writing, this tweet is six hours old, and Wormhole is not yet back up. According to the protocol’s website, the deployed fix has helped secure user funds. However, the team has not offered an estimate of how much time it needs to restore services.

ETH formed the bulk of the stolen funds

Per CertiK, a blockchain cybersecurity firm, the hacker made away with at least $251.00 million (£185.15 million) worth of Ether (ETH/USD), around $47.00 million (£34.67 million) worth of Solana (SOL/USD), over $4.00 million (£2.95 million) in USD Coin (USDC/USD).

Certik’s preliminary analysis found that the attacker exploited a vulnerability on the Solana side of the Wormhole bridge and created 120,000 wrapped Ethereum (wETH) tokens. The hacker proceeded to use these tokens to claim ETH held on the Ethereum side of the bridge.

Before the attack, Wormhole maintained a 1:1 ratio of ETH to wETH on the Solana blockchain. At this state, the bridge acted like an escrow service. However, the hacker upset this balance, seeing as the collateral side now lacks around 93,750 ETH.

While the Wormhole team has promised to add more ETH to restore the 1:1 peg, it is worth noting that 90,750 ETH is a big chunk of money. This, perhaps, explains why Wormhole is yet to resume services.

Commenting on this exploit, CertiK co-founder Ronghui Gu said,

The $320 million hack on Wormhole Bridge highlights the growing trend of attacks against blockchains protocols. This attack is sounding the alarms of growing concern around security on the blockchain.

It is worth noting, this is the biggest attack on the Solana network to date. It is also the second-largest decentralized finance (DeFi) exploit after Poly Network’s $600.00 million (£442.84 million) attack in August last year.

Important Notice:
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker's following addresses:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71

— Poly Network (@PolyNetwork2) August 10, 2021

The post Wormhole, a Solana and Ethereum bridge, suffers a $320M hack appeared first on Invezz.

Read Entire Article