Crypto Worth Over $320 Million Taken in Wormhole Hack

Popular bridge linking Ethereum and Solana later retrieved the stolen assets

ByMark Kolakowski Full BioMark Kolakowski is a business consultant, freelance writer, and business school lecturer. He has been an expert in investing, and a market watcher for 40-plus years. He received his MBA in finance from The Wharton School of The University of Pennsylvania and is the author of the book Career Confidential: An Insider’s Guide to Business.Learn about our editorial policiesPublished February 03, 2022

Wormhole, one of the most popular bridges that link the Ethereum and Solana blockchains, has suffered a theft of cryptocurrencies worth over $320 million in an apparent hack that took place on Feb. 2, 2022. These two blockchains are popular in the worlds of decentralized finance (DeFi), where programmable contracts can replace lawyers and bankers in some transactions, and non-fungible tokens (NFTs).

However, on Feb. 3, 2022, Wormhole indicated that "all funds have been restored," that its services have come back online, and that it is preparing a full incident report. Certus One, the developers of Wormhole, offered the hackers a $10 million "bug bounty" for details of their "exploit" and return of the stolen cryptocurrency.

Key Takeaways

Targets of the Hack

Ethereum is the most utilized blockchain network, including being a major participant big player in DeFi, where programmable pieces of code known as smart contracts can replace intermediaries such as banks and lawyers in certain types of business transactions.

A newer competitor, Solana, is enjoying growing popularity due to lower cost and greater speed than Ethereum. Wormhole is a protocol that allows users to shift their tokens and NFTs between Solana and Ethereum.

Blockchain cybersecurity firm CertiK finds that the Wormhole hacker's takings include at least $251 million worth of Ethereum, almost $47 million in Solana, plus more than $4 million in USDC, a stablecoin pegged to the price of the U.S. dollar.

Since few users use only one blockchain exclusively, bridges such as Wormhole have become important intermediaries that allow users to shift cryptocurrency holdings between chains. The $320 million theft is the second-biggest since $600 million worth of tokens were stolen from cryptocurrency platform Poly Network, another major player in DeFi, in August 2021. It also is the largest theft affecting Solana, a rising rival to Ethereum in the worlds of DeFi and NFTs.

Mechanics of the Wormhole Heist

Bridges such as Wormhole take an Ethereum token, lock it into a contract on one chain, and then issue a parallel token on the chain at the other side of the bridge. Initial analysis by CertiK suggests that the hackers exploited a vulnerability on the Solana side of the Wormhole bridge to create 120,000 so-called "wrapped" Ethereum for themselves.

Wrapped Etherum tokens are pegged to the value of the original coin but are interoperable with other blockchains. The hackers may have used these tokens to take possession of Ethereum being held on the Ethereum side of the Wormhole bridge.

The hackers apparently were able to mint 120,000 wrapped ETH (wETH) on the Solana blockchain, 93,750 ETH of which were then transferred to the Ethereum blockchain, per blockchain analysis firm Elliptic. These 120,000 wETH were worth almost $324 million at current exchange rates.

CertiK notes that bridges multiply the possible lines of attack from hackers by operating across two or more blockchains. When they hold hundreds of millions of dollars of assets in escrow, they become even more attractive targets.

Meanwhile, Vitalik Buterin, the founder of Ethereum, already has argued that bridges are unlikely to exist for much much longer in the crypto ecosystem. Part of his reasoning is that there are "fundamental limits to the security of bridges that hop across multiple 'zones of sovereignty.'"

Growing Crypto Security Concerns

"The $320 million hack on Wormhole Bridge highlights the growing trend of attacks against blockchains protocols," CertiK co-founder Ronghui Gu told CNBC. "This attack is sounding the alarms of growing concern around security on the blockchain," he added.

Article Sources