The token bridge between Solana and Ethereum witnessed one of the biggest hacks of 2022, with about 120K wETH tokens being removed from the entire platform. Also, the token was distributed between the Solana and ETH wallets of the hacker. This was one of the biggest and the most major security exploits this year and resulted in the loss of about 120000 wETH tokens.
The total value of the tokens is supposed to be about $321 million that was taken from the platform. Hacking activities are quite common these days in cryptocurrency as people are constantly losing their money due to scams and hacks from different directions. This recent hacking news is reported to be the largest one in the year. What might follow a series of other hacking attempts and security threats?
The Wormhole is a token bridge that enables the users to receive and send cryptocurrency between Solana, Polygon, BSC, Oasis, Terra, Avalanche, and Ethereum without using a particular centralized exchange (CEX). This one was the largest crypto hack of 2022 so far and the second largest DeFi hack to take place to date. The team of Wormhole has offered a $10M bug bounty to return the funds.
The hack was conducted on the Solana side of the bridge, and there are fears. Wormhole’s bridge to Terra could also be a bit vulnerable. The Wormhole team has made an assurance to the community that the supply of ETH would be replenished to “ensure wETH is backed 1:1,” but there is no word yet on where those funds will come from or when. The hack took place at 6:24 pm UTC on the 2nd of February. The attacker managed to remove about 120,000 wETH (WETH) on Solana, then made redemption of 93,750 WETH for ETH worth $254 million onto the Ethereum network at 6:28 pm UTC. The hacker has since used some funds to buy SportX (SX), Meta Capital (MCAP), Finally Usable Crypto Karma (FUCK), and Bored Ape Yacht Club Token (APE).
The remaining WETH was exchanged for SOL and USDC on Solana. The hacker’s Solana wallet currently has about 432,662 SOL ($44 million). No other assets or chains served by Wormhole have been reported affected, but smart contract auditing firm Certik said in a report today that “It is possible that Wormhole’s bridge to the Terra blockchain shares the same vulnerability as their Solana bridge.”
The Wormhole team contacted the hacker through their Ethereum address to offer to let the hacker keep $10 million worth of funds stolen if the remaining funds are returned. “This is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. So we’d like to offer you a whitehat agreement and present you a bug bounty of $10 million for exploit details and returning the wETH you’ve minted. You can reach out to us at email@example.com.”
On the 28th of January, Qubit Finance’s QBridge was exploited for $80 million on BSC. It is also reminiscent of the Poly But, in that case, nearly all of the funds were returned by the whitehat hacker.
The frequency with which such hacks occur has validated Vitalik Buterin’s warning that there are “fundamental security limits of bridges.” The Ethereum co-founder’s warning was within the context of a 51% attack on Ethereum, but his advice was well-timed as he pointed out the general vulnerability apparent on bridges that send tokens across layer-1 blockchains.