Wormhole | What We Can Learn from the Wormhole Exploit?
On February 2, 2022, an exploit on the Wormhole network resulted in a loss of approximately $320 million in crypto funds. While the company offered a bounty of $10 million for any information that could lead to the recovery of these funds, it was to no avail, and the funds have not been recovered at the time of writing.
With a total loss amounting to $320 million, this incident marks the second-largest breach in history for a DeFi project, with the largest being a breach of the Poly Network back in September 2021 with a loss of over $602 million. However, in the case of the Poly Network, almost all of the stolen funds were recovered in a “Whitehat” agreement, where the hacker stated that they only carried out the hack to reveal the vulnerabilities within the network.
Therefore, Wormhole’s incident can be ranked as the fifth-largest cryptocurrency breach ever, behind the likes of the attacks on Coincheck and Mt. Gox.
What can we learn from such a terrible tragedy?
What is the Wormhole Network?
Wormhole is a decentralized cross-chain portal that allows cryptocurrencies to be sent from one blockchain network to another. It is particularly useful for DeFi services since traders can easily convert their existing crypto assets from one network to another to be used for staking, lending, or more. Wormhole bridges the Solana blockchain with other blockchains, including those for Avalanche, Oasis, Binance Smart Chain, Ethereum, Polygon, and Terra.
To summarize this in simpler terms, if a trader would like to move their Ether from the Ethereum network to Solana, validators (known as Guardians) will sign a transfer message, certifying that the trader has deposited Ether on the Ethereum network to be locked in a smart contract. Once the transaction has been confirmed, wrapped Ether (WeETH) will be released on the Solana network and transferred to the user’s wallet.
A major advantage of Wormhole lies with its bridging fees, which are currently sub-cent. This means that the most expensive aspect of the transaction lies with the gas fees of the origin and destination networks.
Details Behind the Exploit
Two transactions from the hacker that occurred before the attack have been confirmed. The first one was a transfer from Tornado Cash, which was used to pay for gas fees. The second transaction was a 0.1 ETH deposit to a deposit address on the Wormhole Bridge, most likely to test their setup.
While transactions on the Wormhole protocol typically require the approval of Guardians, the hacker was able to bypass the signature validation process by creating a fake program for the Secp256k1 contract.
This meant that the hacker was able to mint 120,000 Ether on the Solana Chain into his account, without the corresponding amount deposited within the Ethereum network. Since the market price for an Ether was around $2,681 when the breach happened, the incident left $320 million worth of WeETH unbacked for a certain period of time.
Had the issue persisted, other Solana-based platforms could also have become insolvent, because traders could have scrambled to sell their wrapped Ether for fear of its price crashing. With so many DeFi services on the Solana network using WeETH to back assets issued to traders, this would have had serious implications for the entire Solana network.
Fortunately, the worst-case scenario did not happen. Jump Trading, the company that owns Wormhole, stepped up and provided Ether to replace the stolen funds.
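An added example, not Wormhole's code: a simplified Rust model of the flaw described above, in which a mint handler accepts the answer of whatever signature-verification program the caller supplies, shown next to a version that pins the verifier's identity first. The program id, Guardian keys, quorum of 2 and the hash standing in for Secp256k1 signatures are all constructed assumptions.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};
// Constructed model, not Wormhole's code. DefaultHasher stands in for
// Secp256k1 signatures and is NOT cryptographically secure.
pub const TRUSTED_ID: &str = "genuine-sig-verifier"; // placeholder program id
const GUARDIAN_KEYS: [u64; 3] = [11, 22, 33]; // constructed Guardian keys
const QUORUM: usize = 2; // assumed threshold

pub fn sign(key: u64, msg: &str) -> u64 {
    let mut h = DefaultHasher::new();
    (key, msg).hash(&mut h);
    h.finish()
}

/// A program the mint handler asks to check Guardian signatures.
pub trait SigVerifier {
    fn id(&self) -> &str;
    fn verify(&self, msg: &str, sigs: &[u64]) -> bool;
}

pub struct Genuine;
impl SigVerifier for Genuine {
    fn id(&self) -> &str { TRUSTED_ID }
    fn verify(&self, msg: &str, sigs: &[u64]) -> bool {
        // Count the Guardians whose signature over msg is present.
        GUARDIAN_KEYS.iter().filter(|k| sigs.contains(&sign(**k, msg))).count() >= QUORUM
    }
}

/// Caller-supplied stand-in that approves everything (the "fake program").
pub struct Fake;
impl SigVerifier for Fake {
    fn id(&self) -> &str { "caller-supplied" }
    fn verify(&self, _msg: &str, _sigs: &[u64]) -> bool { true }
}

/// Vulnerable: trusts whichever verifier the caller passes in.
pub fn mint_unchecked(v: &dyn SigVerifier, msg: &str, sigs: &[u64], amount: u64) -> Option<u64> {
    if v.verify(msg, sigs) { Some(amount) } else { None }
}

/// Hardened: pins the verifier's identity before using its answer.
pub fn mint_checked(v: &dyn SigVerifier, msg: &str, sigs: &[u64], amount: u64) -> Option<u64> {
    if v.id() != TRUSTED_ID { return None; }
    mint_unchecked(v, msg, sigs, amount)
}

fn main() {
    println!("{:?} {:?}", mint_unchecked(&Fake, "m", &[], 9), mint_checked(&Fake, "m", &[], 9));
}
```

The unchecked handler mints with no Guardian signatures at all once the verifier is substituted, while the pinned handler rejects the substitute before its answer is ever consulted.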
The Aftermath
The hacker who stole Wormhole's funds still has 93,750 Ethereum in his possession, and has also converted the remaining WeETH into Solana and Wrapped Solana. The good news is that investigators are following the hacker's address, which will make it impossible for him to move the stolen funds.
Meanwhile, Wormhole has announced that the vulnerability has been patched, and the network is now operational again. The price of Solana also dipped by more than 13% directly after the breach.
Cross-chain bridges are the future of crypto, allowing for interoperability between different blockchain networks. However, great care must be taken to ensure the security of these protocols, since any attack would result in devastating losses as more value continues to flow across these bridges.