More than $320 million was allegedly taken in the most recent crypto hack

More than $320 million was allegedly taken in the most recent crypto hack

It is the second-largest decentralized finance (DeFi) hack in history, after only the $600 million Poly Network crypto robbery. In an apparent breach, one of the most prominent bridges between the ethereum and solana blockchains lost more than $320 million on Wednesday afternoon. It is the biggest hack on solana, a rival to ethereum that is gradually gaining pace in the non-fungible token (NFT) and DeFi ecosystems, and it is the second-largest exploit ever in the developing realm of decentralized finance (DeFi), just after the $600 million Poly Network crypto robbery. Ethereum is the most widely used blockchain network, and it is a major participant in the DeFi space, where programmable code known as smart contracts can take the role of middlemen such as banks and attorneys in certain types of business transactions. Solana, a more recently launched competitor, is gaining traction as a cheaper and speedier alternative to ethereum. Because cryptocurrency users do not always operate within a single blockchain ecosystem, developers have created cross-chain bridges that allow users to transmit cryptocurrency from one chain to another. Wormhole is a system that allows users to transfer tokens and non-fungible tokens (NFTs) between Solana and Ethereum. Wormhole’s Twitter account confirmed the exploit, stating the network is “down for maintenance” while it investigates a “possible exploit.” The protocol’s official website is also unavailable. According to a report by blockchain cybersecurity firm CertiK, the attacker has made at least $251 million in ethereum, approximately $47 million in solana, and more than $4 million in USDC, a stablecoin tethered to the US dollar’s price. According to Auston Bunsen, co-founder of QuikNode, which provides blockchain infrastructure to developers and businesses, bridges like Wormhole function by having two smart contracts – one on each chain. There was one smart contract on Solana and one on Ethereum in this example. Wormhole is an ethereum bridge that accepts an ethereum token, locks it inside a contract on one chain, and then issues a parallel token on the other chain. According to CertiK’s preliminary investigation, the attacker took advantage of a vulnerability on the Solana side of the Wormhole bridge to create 120,000 “wrapped” ethereum tokens for themselves. (Wrapped etherum tokens are pegged to the original coin’s value but are compatible with other blockchains.) It appears that they then utilized these tokens to claim ethereum held on the ethereum side of the bridge. According to CertiK, the bridge kept a 1:1 ratio of ethereum to wrapped ethereum on the Solana blockchain prior to the hack, “serving effectively as an escrow service.” “This attack breaks the 1:1 peg,” the report added, “since there is now at least 93,750 less ETH held as collateral.” Wormhole says ethereum will be added to the bridge “in the next hours” to ensure that its wrapped ethereum tokens are supported, but it’s unclear where the funding will come from. Bridges won’t be around much longer in the crypto ecosystem, according to Ethereum founder Vitalik Buterin, in part because “fundamental constraints to the security of bridges that jump over several ‘zones of sovereignty.'” When bridges hold hundreds of millions of dollars in escrow and multiply their attack vectors by functioning over two or more blockchains, they become excellent targets for hackers, according to CertiK’s post-mortem analysis on the incident. In recent months, a number of high-value attacks have been discovered on cryptocurrency platforms. “The $320 million Wormhole Bridge hack exemplifies the escalating trend of assaults against blockchain protocols,” stated Ronghui Gu, co-founder of CertiK. “This attack is raising worries about the growing worry about blockchain security.”

Source