Financial Associated Press (Shanghai, editor Qi Lin) news, on Wednesday afternoon, Eastern Time, there was a shocking theft in the cryptocurrency circle. Wormhole, the main bridge connecting the two major blockchains of Ethereum and Solana, was hacked and the damage is estimated to be at least $320 million.
This is the second largest hacking loss disclosed by the DeFi world, currently recording a record of $600 million in a Poly Network cryptocurrency theft, which is also the largest loss caused in a hack against Solana.
DeFi's full name is Decentralized Finance, or "decentralized finance," and the current DeFi project is mainly conducted on Ethereum's blockchain. However, Solana has grown rapidly in recent times, and with its advantages of lower fees and faster speeds, it has become a competitor to Ethereum, gaining increasing attention in the DeFi and NFT (non-homogeneous token) ecosystems.
Well, the problem arises, cryptocurrency holders don't usually operate within just one blockchain, they need to move their book wealth between different blockchains. That way, bridges like Wormholes appeared. Wormhole Project is essentially a protocol that allows users to move their tokens and NFTs between Solana and Ethereum.
Wormhole's Twitter account has confirmed the hack, saying the network will be down for maintenance and a potential vulnerability is being investigated. The latest news released by its Twitter is that the vulnerability has been patched and efforts are being made to restore the network as soon as possible.
The losses were heavy
An analysis by blockchain cybersecurity firm CertiK shows that to date, hackers have stolen at least $251 million worth of Ether, nearly $47 million of Solana, and more than $4 million of stablecoin USDC, a stablecoin pegged to the price of the dollar.
Auston Bunsen, co-founder of QuikNode, notes that bridges like wormholes work through two smart contracts — one on each chain, one on Solana, and one on Ethereum.
This way, the wormhole can receive Ethereum tokens, lock them in a contract on a blockchain, and then on the other side of the chain of the bridge, it will issue a parallel token. Typically, parallel Ether is pegged to the value of the original coin, but can be interoperable with other blockchains
CertiK's preliminary analysis revealed that the hacker exploited a vulnerability on the Sorana side of the wormhole bridge to create 120,000 so-called "packaged" Ethereum tokens (i.e., counterfeits) for themselves. Subsequently, hackers appeared to use these packaged parallel tokens in exchange for real Ether held on the Ethereum side of the bridge.
Prior to this attack, the ratio of Ether to Packaged Ether on the Solana blockchain was 1:1, "essentially a custodial service." But after the attack, this exchange relationship was broken, because the bridge side was missing at least 93,750 Ether as collateral.
Sound the alarm for blockchain security
CertiK noted in a report after the incident that when a "bridge" has hundreds of millions of dollars in escrow assets and operates on two or more blockchains, this increases the pipeline through which they could be attacked, potentially becoming a prime target for hackers.
Gu Ronghui, co-founder of CertiK, said, "The $320 million hack of the wormhole highlights the growing trend of attacks against blockchain protocols... The attack is a wake-up call for growing concerns about blockchain security. ”
Tom Robinson, co-founder of blockchain analytics firm Elliptic, said this shows once again that the security of DeFi services has not yet reached a level that can accommodate large amounts of money.
"The transparency of blockchain, in itself, allows attackers to identify and exploit major vulnerabilities," he said. ”
![Gold Web3.0 Daily | Musk tweeted about NFTs[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)