2.7 k

REKT: $326M Hacked From Popular Ethereum-Solana Bridge

Yet another multi-million dollar hack has impacted the crypto ecosystem. This time, it’s against Wormhole – a famous cross-chain bridge to bring non-native cryptocurrencies to other blockchain networks.

Over $300 million worth of wETH were unfairly generated through a protocol exploit. This comes a month after Vitalik warned the crypto-community of the security flaws inherent with cross-chain protocols and intermediaries.

Hours ago, Wormhole warned the community of a potential protocol to exploit over Twitter. The team put the network under maintenance in the meantime. Then, at 5:25 PM EST, they confirmed that Wormhole had been “exploited for 120k wETH.”

120k wETH Stolen

wETH (wormhole ETH) is the artificial substitute for Ether. Its purpose is to effectively transfer one’s ETH holdings from Ethereum to other chains. To make this work, one must transfer ETH to trusted “bridges.” These intermediaries reliably hold one’s original Ether out of circulation.

In return, the intermediary transfers the exact same amount of wETH to the user on the new chain. The version of wETH  here is that which is compatible with Solana. A similar type of asset exists for Bitcoin called “Wrapped Bitcoin” (WBTC), giving it compatibility with Ethereum.

By design, “wrapped” assets should maintain the value of their underlying cryptocurrency. Meanwhile, they should exploit the tools available on other chains. However, they operate under the premise that the supply of such tokens remains reliably pegged and not inflated. If that happens investors are likely to rapidly lose confidence in the new asset.

As such, Wormhole claims to be securing more ETH to maintain their wETH peg after the hack. However, Twitter users showed scepticism as to where they could possibly locate these funds, worth $322M at the time of writing.

“If nobody backs it and the coins are truly gone then Wormhole ETH is worth 0 and everyone who has a balance of it becomes worthless,” said George Harrap, founder of Solana DeFi platform Step Finance. “DeFi protocols, users, everyone.”

The attacker appears to have minted 120k wETH on Solana, using their exploit. On-chain data shows 80k wETH having been transferred from Wormhole to a new Ethereum address, now holding $250 million of ETH. The other 40k wETH was left on Solana and sold for other assets.

The wormhole team has since reached out to the hacker through an ETH transaction. They promised a $10 million bounty in return for the stolen wETH and exploit details.

Vitalik’s Warning

In a recent popular Reddit comment, Vitalik explained why he believes the future of crypto will be “multi-chain”, but not “cross-chain”. Fundamentally, he stated that cross-chain bridges contain security gaps and a level of “trust” that is the very antithesis of crypto.

He highlighted 51% attacks as an even greater weak point. While such an attack may not be catastrophic on an isolated chain, it could disrupt various asset pegs with other chains, destroying various crypto economies.

“It’s always safer to hold Ethereum native assets on Ethereum, and Solana native assets on Solana,” he said.

Ethereum live price
price change

Recently, Crypto.com admitted to being hacked for $34 million in user’s funds. Such hacks of custodial services can prove devastating for their maintainers. Mt. Gox is still sorting out rehabilitation for their users after being hacked in 2014.

Stay up to date with our latest articles