A Solana bridge called Wormhole has been exploited for as much as $320 million, according to reports emerging on Feb. 3.
The team posted a notice that the bridge had been hacked, losing 120,000 wrapped ETH valued at around $320 million at the time. It explained that ETH will be added to ensure the wrapped variant in the bridge is fully backed.
The wormhole network was exploited for 120k wETH.
ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly.
We are working to get the network back up quickly. Thanks for your patience.
— Wormhole🌪 (@wormholecrypto) February 2, 2022
At the time of writing, the latest announcement on the Wormhole Twitter feed was that the vulnerability had been patched and that they were working at restoring the network.
Biggest Bridge Hack to Date
Paradigm security researcher “samczsun” has delved into the attack stating that the perpetrator either got the private keys or they exploited the bridge. He added that there was a “corresponding transaction on Solana where the attacker bridged out the ETH.” The hacker essentially exploited a vulnerability to mint wETH without depositing ETH themselves.
How did the @wormholecrypto exploit work? I joined forces with @gf_256 and @ret2jazzy to reverse engineer the exploit, and now that it’s been patched we can finally share it with you👇 pic.twitter.com/lXwD0GLZ3N
— samczsun (@samczsun) February 3, 2022
Tom Robinson, the co-founder of blockchain analysis firm Elliptic, commented:
“This demonstrates once again that the security of DeFi services has not reached a level that is appropriate for the huge sums being stored within them. The transparency of the blockchain is allowing attackers to identify and exploit major bugs.”
A message on the Ethereum blockchain from the Wormhole developers has offered a bounty for returning the loot:
“We noticed that you were able to exploit the Solana VAA verification and mint tokens. We would like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you have minted.”
Wormhole was developed by blockchain engineering firm Certus One which was acquired by Jump Trading in August. On Feb. 1, Solana Labs announced the launch of its payments app Solana Pay.
SOL Prices Tank
The bridge hack is the latest in a lengthening list of woes for Solana, which includes four network outages in as many months.
SOL prices have tanked over the past 8 hours, falling 12% from around $111 to $97 at the time of writing. The token is now trading 62.5% down from its Nov. 6 all-time high of $260.
Solana has often been touted as an “Ethereum killer,” but this latest setback, in addition to the multiple network and performance issues it has recently suffered, makes this moniker moot.