Solana is facing its toughest test yet. After a host of previous challenges, the Wormhole bridge linking ETH with Solana has lost $320 million worth of crypto in what looks to be a hack. If so, this would be the second largest exploit in DeFi ever, after the $600 million Poly Network heist.
Wormhole’s protocol allows users to move their tokens and NFTs between Ethereum and Solana. Wormhole’s devs confirmed the exploit via Twitter late last night:
The team later released details of the hack, along with how much “Wrapped ETH” (wETH) was siphoned off:
Analysts believe that the hacker’s profits are currently sitting at $251 million worth of Ethereum, $47 million worth of SOL, and just over $4 million in USDC. Although those prices may well be lower as the day progresses and markets react to the news.
Reports say that the hacker found a vulnerability on the Solana side of the Wormhole bridge, and created 120,000 wETH tokens for themselves. Due to the exploit, the 1:1 wETH pegged collateral was reduced by 93,750 ETH. As per the above Twitter screenshots, Wormhole say that they will be adding ETH to the bridge in coming hours to ensure the wETH tokens remain fully backed 1:1.
DeFi software developer “samczsun” also provided an outstanding report on the attack, walking users through exactly how the hacker did what they did:
Interestingly, Vitalik Buterin has stated previously that blockchain bridges won’t last forever, primarily because there are limits to their security.
As per Vitalik’s prediction a few weeks ago, when bridges hold significant assets in escrow, they increase their matrices that can be attacked, and thus become prime targets for astute hackers. This considerable hack brings DeFi security into the spotlight amid a growing number of attacks, with an alarm sounding ever louder of concern regarding DeFi and smart-contract platforms.