Last week, the fourth-largest cryptocurrency hack ever took $323 million from Wormhole, a blockchain bridge. (A blockchain bridge does exactly what it says: it allows users to transfer cryptocurrency from one blockchain to another.) While Wormhole owner Jump Crypto compensated the victims of the breach within hours, many doubts persisted.
Although the event resulted in exploitation and financial losses for the firm that distributed the software, investor monies have been returned. Why was the hack feasible? Who was the perpetrator? And how did Jump Crypto come up with $323 million in cash to make things right? Let’s get started.
What’s Wormhole?
Wormhole is a decentralized finance (DeFi) platform that allows users to exchange Solana for other cryptocurrencies directly on decentralized apps (dApps) running on the Ethereum blockchain. Solana and other leading decentralized finance (DeFi) networks use Wormhole as a communication bridge. Existing projects, platforms, and communities may use Solana’s fast speed and cheap cost to transport tokenized assets smoothly between blockchains.
Jump Crypto
Many users were perplexed as to how Jump was able to come up with that much cash so quickly. Jump Crypto is a branch of a decades-old trading business that has just made a huge push into cryptocurrency, employing roughly 140 employees in the process. It’s unclear how it generates all of its money, but completing crypto transactions made by Robinhood members appears to be a big contributor, a right it paid Robinhood $247 million for in the first nine months of last year.
What Happened
A software error allowed an anonymous hacker to mint 120,000 wrapped ETH on the Solana network without posting the requisite collateral on Ethereum, resulting in a $323 million loss. Wormhole halted all token transfers on its bridges shortly after discovering the breach to begin repairing the vulnerability, which took roughly 16 hours. Jump has restored the stolen ETH by Thursday AM, assuring that no user money had been harmed.
The attacker falsified a transaction’s signature in Wormhole, then presented the invalid transaction as a legal one to the Solana network, allowing for the fraudulent minting of a significant amount of ETH tokens on the Solana network. They subsequently moved many of the tokens to an Ethereum-based digital wallet.
Could This Happen Again?
The hack brought to light the vulnerability of crypto bridges. It’s challenging enough to create safe and secure smart contracts on a single blockchain. As demonstrated by the exploit, Wormhole, which interacts with six chains (Avalanche, Oasis, Binance Smart Chain, Ethereum, Polygon, and Terra), faces an exponentially more difficult challenge. Because of the complexity of writing for several chains, security experts like Dan Guido, CEO of the security firm Trail of Bits, deem blockchain bridges “among the most challenging programs to develop.”
Wormhole, a cross-chain bridge, with a market cap of more than $20 billion, and Ethereum co-founder Vitalik Buterin has highlighted the security flaws with such applications. Wormhole was, in fact, the second bridge to be exploited in less than two weeks. DeFi is still fairly new to us, and although it has a lot of advantages outside of traditional banking, it also has a lot of drawbacks. Check that a protocol’s smart contracts have been audited and that you’re following best practices to keep your crypto safe before utilizing it.