Wormhole, a Solana and Ethereum bridge, suffers a $320M hack
- Reportedly, the hacker exploited a vulnerability on the Solana side of the Wormhole bridge.
- Wormhole claims it has already patched the vulnerability and is trying to restore services.
- Notably, this is the most significant attack related to the Solana network to date.
Wormhole, a bridge that links Ethereum and Solana, has lost over $320 million (£236.08 million) to a malicious actor. A report unveiled this news on February 2, noting that the attacker stole the funds earlier that day. The developers behind the Wormhole protocol confirmed this news on Twitter.
As a result, the developers shut down the wormhole network to look into the network. In a subsequent tweet, the Wormhole team disclosed that it had fixed the vulnerability and is working to get the network back up as soon as possible.
Are you looking for fast-news, hot-tips and market analysis? Sign-up for the Invezz newsletter, today.
At the time of writing, this tweet is six hours old, and Wormhole is not yet back up. According to the protocol’s website, the deployed fix has helped secure user funds. However, the team has not offered an estimate of how much time it needs to restore services.
ETH formed the bulk of the stolen funds
Per CertiK, a blockchain cybersecurity firm, the hacker made away with at least $251.00 million (£185.15 million) worth of Ether (ETH/USD), around $47.00 million (£34.67 million) worth of Solana (SOL/USD), over $4.00 million (£2.95 million) in USD Coin (USDC/USD).
Certik’s preliminary analysis found that the attacker exploited a vulnerability on the Solana side of the Wormhole bridge and created 120,000 wrapped Ethereum (wETH) tokens. The hacker proceeded to use these tokens to claim ETH held on the Ethereum side of the bridge.
Before the attack, Wormhole maintained a 1:1 ratio of ETH to wETH on the Solana blockchain. At this state, the bridge acted like an escrow service. However, the hacker upset this balance, seeing as the collateral side now lacks around 93,750 ETH.
While the Wormhole team has promised to add more ETH to restore the 1:1 peg, it is worth noting that 90,750 ETH is a big chunk of money. This, perhaps, explains why Wormhole is yet to resume services.
Commenting on this exploit, CertiK co-founder Ronghui Gu said,
The $320 million hack on Wormhole Bridge highlights the growing trend of attacks against blockchains protocols. This attack is sounding the alarms of growing concern around security on the blockchain.
It is worth noting, this is the biggest attack on the Solana network to date. It is also the second-largest decentralized finance (DeFi) exploit after Poly Network’s $600.00 million (£442.84 million) attack in August last year.