Wormhole Bridge Hacked for $325 Million

On February 2nd, one of the top 5 crypto hacks of all time happened on the DeFi platform Wormhole. An attacker was able to make off with nearly $325 million by exploiting the Solana side of the bridge. Additionally, the hacker may have become aware of the potential exploit due to an upload to the Wormhole GitHub repository. This means the protocol may have tipped off the hacker to the vulnerability.

The exploit happened not even a month after Vitalik Buterin, Ethereum’s co-founder, discussed security limitations with bridges.

Guy is a Giga-Brain

And it has only been 2 weeks since another bridge, Qubit’s QBridge protocol, was hacked for $80 million.

What Does the Wormhole Bridge Do?

In general, a bridge allows a user to send transactions and tokens back and forth between different chains. Wormhole allows users to interact with 6 separate chains (Avalanche, Binance Smart Chain, Ethereum, Oasis, Polygon, Solana, and Terra).

Wormhole is one of the biggest bridges, but the complexity of connecting multiple chains increases the number of attack vectors. For instance, if you have funds on Ethereum and want to move over to Solana, you could use Wormhole to lock your $ETH into a smart contract on the Ethereum side and mint an equivalent $wETH on Solana. Your actual $ETH remains locked in a smart contract and your synthetic $wETH is available to transact on Solana.

From the bridge's perspective, it is interacting with Solidity code on the Ethereum chain and Rust code on the Solana chain.

What Happened In the Wormhole Hack?

In this particular hack, the exploit was on the Solana side of the bridge. The hacker was able to exploit a bug in the smart contract and forge a valid signature for a transaction. This allowed for $325 million in $wETH to be minted (120,000 $wETH total) without putting in any equivalent tokens. The $wETH is wrapped Ethereum, an $ETH equivalent used on other chains to represent $ETH.

Once the 120,000 $wETH was minted on the Solana side, the hacker was able to use the bridge to exchange for $ETH on the Ethereum network.

Unfortunately, in this case it appears that the attacker may have been tipped off to the vulnerability by Wormhole itself. A recent open source code commit to the GitHub repository may have alerted the hacker to the opening. The commits would have fixed the vulnerability but had not been implemented yet.


Since the code to fix the issue may have been written nearly 3 weeks earlier, indicating the error was known, it is unclear why the exploit wasn’t flagged and caught before the $ETH could be withdrawn.
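The lock-and-mint model described above implies an invariant a monitor can check: every $wETH minted on the destination chain must correspond to $ETH locked on the source chain. The sketch below is an added example, not Wormhole's code; the event shape, the `transfer_id` field and the sample stream are constructed for illustration, and it assumes events arrive with each lock ahead of its mint.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Event:
    kind: str          # "lock" (source chain) or "mint" (destination chain)
    transfer_id: str   # hypothetical id tying a mint to the lock that backs it
    amount: Decimal

def reconcile(events):
    """Return (alerts, locked_total, minted_total) for an ordered event stream."""
    locks = {}     # transfer_id -> amount locked on the source chain
    used = set()   # transfer_ids already consumed by a mint
    alerts = []
    locked_total = minted_total = Decimal(0)
    for ev in events:
        if ev.kind == "lock":
            locks[ev.transfer_id] = ev.amount
            locked_total += ev.amount
        elif ev.kind == "mint":
            minted_total += ev.amount
            if ev.transfer_id in used:
                alerts.append(("replayed_transfer", ev.transfer_id, ev.amount))
            elif ev.transfer_id not in locks:
                alerts.append(("mint_without_lock", ev.transfer_id, ev.amount))
            elif locks[ev.transfer_id] != ev.amount:
                alerts.append(("amount_mismatch", ev.transfer_id, ev.amount))
            used.add(ev.transfer_id)
        else:
            raise ValueError(f"unknown event kind: {ev.kind}")
    # Global backing check: wrapped supply must never exceed locked collateral.
    if minted_total > locked_total:
        alerts.append(("supply_exceeds_collateral", None, minted_total - locked_total))
    return alerts, locked_total, minted_total

# Constructed sample: two normal transfers, then a mint with no backing lock,
# sized like the 120,000 $wETH mint described in the article.
SAMPLE = [
    Event("lock", "t-001", Decimal("2.5")),
    Event("mint", "t-001", Decimal("2.5")),
    Event("lock", "t-002", Decimal("10")),
    Event("mint", "t-002", Decimal("10")),
    Event("mint", "t-003", Decimal("120000")),
]

if __name__ == "__main__":
    alerts, locked, minted = reconcile(SAMPLE)
    for alert in alerts:
        print(alert)
    print("locked:", locked, "minted:", minted)
```

A check like this only helps if an alert can pause withdrawals before the unbacked tokens are redeemed on the other side of the bridge.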

What is Next for Wormhole?

Wormhole reached out to the hacker in a message to their wallet shortly after the hack. They offered a $10 million white hat bounty if the hacker returned the funds. Additionally, there is a $10 million reward for anyone who provides details that lead to the arrest of the perpetrator.

Finally, Wormhole has provided the $325 million to the Ethereum side of the bridge to make up for the hack. Therefore, no users will be impacted by the exploit. This did get people wondering where Wormhole came up with such a large amount of money on short notice.

Who is Wormhole?

Wormhole is a project by Certus One, which is owned by privately held Jump Trading, LLC. Jump Trading is not some brand new start-up but part of a decades-old trading firm. Additionally, Jump Trading paid Robinhood nearly $250 million last year for Robinhood to send its crypto trades through Jump. This makes it similar to Citadel's relationship with Robinhood on the stock side.

Despite the big financial loss and bad press, Wormhole will likely survive as bridging use continues to grow. Over $20 Billion in crypto is currently locked into various smart contracts on bridges. However, with all that money sitting out in smart contracts with various ways to attack it, you can expect more stories of hacks.

Should You Avoid Bridges?

Bridges are a potentially exploitable part of the crypto ecosystem right now. However, if you are active in crypto it is hard to completely avoid them. For one, you are not always able to get on-chain directly (i.e., buy the native token). Even if you can, you may have the majority of your net worth already on a different chain, and bridging is easier than off-chaining to cash and then reinvesting.

Additionally, there have been many opportunities to arbitrage price differences of a token on two different chains. For example, if you could send 1 $wETH from one chain and receive more than 1 $wETH on another chain (after fees), that is free money.

Synapse Protocol – A Better Bridge

Synapse Protocol is primarily a decentralized bridging solution that uses its own cross-chain Automated Market Maker (AMM) to bridge chains. It is also currently the fastest bridge and retains speed even during high-traffic times when oracle-based bridges get bogged down.

Synapse is the fastest and potentially most secure bridge currently available.

Speed is important because: 1) Who wants to wait 7 days to go from L2 Arbitrum back to L1 Ethereum? 2) The less time your funds are in the protocol, the less exposure they have to a hack.

The other big benefit of Synapse is its non-custodial design. If you remember above, Wormhole works by storing your tokens in a smart contract on one chain and minting backed tokens on the destination chain. Synapse actually performs many transactions for you to get you native assets on the destination chain. This should be more secure as you aren't holding a synthetic asset backed by funds sitting in the bridge's smart contract.

Lastly, completely subjective, but it is one of the easiest to use bridges I have seen. You can check Synapse Bridge out here for yourself.

Wrapping Up: Wormhole Bridge Hack

The hack on Wormhole shows the vulnerabilities of bridges once again. Luckily in this case, the financial backer had deep enough pockets to bail out users who could have lost their funds. However, this isn’t always going to be the case.

Bridging may be a necessary evil until the multi-chain landscape is fully developed, but be safe out there and make sure you know the risks of the bridging protocol you use.

Written By BowTied Effer

Finance, Fitness, Family, and Fixing Bad Advice from a Father
