In an apparent hack on Wednesday afternoon, Wormhole, the cross-chain bridge linking the Ethereum and Solana blockchains, lost more than $320 million. This is, notably, the largest attack to date on Solana.
More often than not, crypto HODLers do not operate exclusively within one blockchain ecosystem. So, cross-chain bridges were brought into existence to aid users to send cryptocurrencies from one chain to another. Wormhole is one such bridge that facilitates the same.
Taking Twitter to inform the community about the hack, the official Wormhole handle tweeted,
The wormhole network was exploited for 120k wETH. ETH will be added over the next hours to ensure wETH is backed 1:1.
The team spontaneously started working to get the network back up quickly, and within a few hours, the vulnerability had been patched. Nonetheless, the protocol’s official website is still offline.
Wormhole developers have attempted to contact the attacker via a blockchain message. The team members have extended a “white hat agreement” and offered the attacker $10 million to reveal their exploit strategy and return the stolen funds.
That message also highlighted that the attacker was able to mint new tokens by exploiting the verification of Wormhole’s Solana VAA, the messaging system processed by receiving blockchains.
Opining on the same and drawing parallels with the Poly network hack, the founder of Policy 4.0, one of India’s Emerging Tech policy think tanks, Tanvi Ranta tweeted,
#Wormhole PR spins this by offering the hacker a bug bounty. Reminiscent of the #Poly hack where community sniffed out the hacker & offered him bounty + a Chief Security Officer job.
Community policing with incentives 🙂
The cross-chain dilemma
Fortuitously, Ethereum co-founder Vitalik Buterin had warned about the shortcomings of cross-chain bridges in early January and asserted the security risks inherent in such protocols. He went on to claim that the future “will not be cross-chain.”
In fact, Ryan Watkins, previously associated with the research team at Messari also shared a similar opinion. After highlighting that the Wormhole exploit was not only one of the largest exploits witnessed but also one with the most cross-contagion one witnessed, he exclaimed,
“Cross-chain is hard.”
Keep an eye on this space. Watcher Guru will publish a postmortem report shortly.