More On: Solana
An suspected attack Wednesday afternoon cost one of the most popular ethereum-Solana bridges around $320 million.
Solana, a competitor to ethereum that is gradually gaining popularity in the non-fungible token (NFT) and decentralized finance (DeFi) ecosystems, is the target of the greatest assault on solana to date.
Ethereum is the most popular blockchain network and a major participant in DeFi, where smart contracts may replace intermediaries like banks and attorneys in certain commercial transactions. Solana, a newer contender, is gaining popularity since it is cheaper and quicker than ethereum.
Because users don't always stay inside one blockchain's ecosystem, developers constructed cross-chain bridges to allow users to transmit bitcoin across chains.
With the Wormhole protocol, users may transport tokens between Solana and Ethereum.
Wormhole developers acknowledged the attack on Twitter, stating the network is “down for maintenance” as they investigate a “potential exploit.” The protocol's official website is down.
According to CertiK, the attacker has made at least $251 million in ethereum, approximately $47 million in solana, and over $4 million in USDC, a stablecoin tethered to the dollar.
A smart contract on each chain is what makes Wormhole operate, says Auston Bunsen, co-founder of QuikNode, a provider of blockchain infrastructure to developers and businesses. There was one on solana and one on ethereum. A bridge like Wormhole takes an Ethereum token, contracts it on one chain, and then creates a counterpart token on the other chain.
An initial investigation by CertiK has identified an attack vector on the Wormhole bridge that created 120,000 “wrapped” ethereum tokens for the attackers. These tokens are tied to the value of the original currency but may be used on different blockchains. They utilized these tokens to claim ethereum on the ethereum side of the bridge.
Pre-attack, the bridge kept a 1:1 ethereum-to-wrapped ethereum ratio on the solana blockchain, “basically operating as an escrow service,” says CertiK
A total of 93,750 ETH have been removed from the collateral pool as a result of this hack.
Wormhole claims it will contribute ethereum to the bridge “over the coming hours” to support its wrapped ethereum tokens, although it is unclear where the cash would come from.
The security of bridges that jump over various ‘zones of sovereignty' is limited, according to Ethereum co-founder Vitalik Buterin.
Bridges that store hundreds of millions of dollars in escrow and operate across two or more blockchains are great targets for hackers, according to CertiK's post-mortem analysis.
In recent months, high-value crypto exploits have surfaced.
According to CertiK co-founder Ronghui Gu, the $320 million Wormhole Bridge breach indicates a rising pattern of assaults against blockchain systems “This hack raises concerns about blockchain security.”