Solana Sinks After $320m Wormhole Attack
After last night attack, Solana (SOL) has dipped by more than 13% in the last 24 hours, triggered by the news of a $320 million hack on the Wormhole Bridge. At the press time, MarketForces Africa confirms that developers have successfully patched a loophole used by an attacker to exploit Wormhole, a bridge protocol used to transfer tokens between the Solana and Ethereum networks.
It was hard to tell how the attacker engineered the exploit, experts said. At first, they were torn between ascertaining if the attacker had accessed the private keys or exploited the bridge but later decided to work backwards to track the exploiter’s footprints.
Some blockchain analysts said in a discussion that a vulnerability in the Ethereum-compatible cross-chain bridge allowed a hacker to drain 120,000 ETH locked on the Ethereum-facing smart contract at around 18:24 UTC last night.
SOL was trading at $111 when the news of the hack surfaced and has plunged to $97.03 due to infiltration into Wormhole Bridge which enables users to transfer ETH from Ethereum to Solana.
To use ETH on Solana, users can lock it in a smart contract and receive a pegged asset called Wormhole ETH (wETH). This asset can be used across Solana’s DeFi ecosystem. Read: Solana to Hit New All-Time Highs in 2021, Expert Predict
The hacker executed an unauthorized mint of 120,000 wETH worth about $322 million. They executed the attack by exploiting a bug related to Solana VAA, a bridge function to verify asset transfers.
The hacker then transferred 93,750 wETH back to Ethereum, claimed it and moved it into their wallet. They then swapped the remaining 26,250 for 432,662 SOL and have left the funds sitting in their wallet on Solana.
While the Wormhole hack was not a direct hack on the Solana network, the incident could have a negative impact on the ecosystem. This is primarily because the ETH that helps collateralize the peg of wETH is missing following the hack.
As a result, 120 million wETH is circulating on Solana and currently in use across DeFi applications without any real backing. The permanent absence of the ETH backing wETH could affect collateralized token loans on Solana-based lending protocols such as Solend.
If the 1:1 backing of wETH is not quickly replenished, it could trigger a situation where DeFi positions may become under collateralized and potentially fuel a bank run. Such a situation would add to Solana’s well-documented difficulties after it has suffered from multiple clogs due to bot attacks on the network over the last few months.
In a Wednesday tweet announcing the hack, Wormhole said it would replace the missing ETH on the bridge to “ensure wETH is backed 1:1”. However, it did not specify where it would get the $322 million supply from. The Wormhole team has since patched the vulnerability.
Although DeFi is hailed as one of the biggest progress in the blockchain ecosystem, with the Total Value Locked in assets exploding to new highs year to date, the risk of attacks has equally skyrocketed prompting various users to think otherwise.
“This demonstrates once again that the security of DeFi services has not reached a level that is appropriate for the huge sums being stored within them.
“The transparency of the blockchain is allowing attackers to identify and exploit major bugs, ” said Tom Robinson, the Chief Scientist of blockchain analysis firm Elliptic commented following the Wormhole heist.
Ethereum’s Vitalik Buerin has also expressed distaste with cross-chain networks due to their vulnerability to attacks whilst fronting multi-chain networks as the future of DeFi. #Solana Sinks After $320m Wormhole Attack
