The exploit is the second largest in DeFi history, just behind the $600 million Poly Network crypto heist, and it is the biggest attack ever against Solana, an Ethereum rival that is gaining momentum in the non-fungible token (NFT) and decentralized finance (DeFi) ecosystems.
Ethereum is the most used blockchain network and is a big player in the DeFi world, where programmable code called smart contracts can replace intermediaries such as banks and lawyers in certain types of business transactions. The more recently introduced competitor Solana is becoming more popular because it is cheaper and faster to use than Ethereum.
In many cases, crypto holders do not work exclusively within one blockchain ecosystem, so developers have built cross-chain bridges to allow users to send cryptocurrencies from one chain to another.
Wormhole is a protocol that allows users to move tokens and NFTs between Solana and Ethereum.
The developers representing Wormhole confirmed the exploit on the project's Twitter account, saying the network is “down for maintenance” while they investigate a “potential exploit.” The protocol's official website is currently offline.
According to an analysis by blockchain cybersecurity firm CertiK, the attacker's profits to date are at least $251 million worth of Ethereum, nearly $47 million in Solana, and over $4 million in USDC, a stablecoin pegged to the price of the U.S. dollar.
A bridge like Wormhole works by having two smart contracts, one on each chain, according to Auston Bunsen, co-founder of QuikNode, which provides blockchain infrastructure to developers and businesses. In this case, there was one smart contract on Solana and one on Ethereum. A bridge like Wormhole takes an Ethereum token, locks it into a contract on one chain, and then issues a parallel token on the chain at the other side of the bridge.
According to CertiK's preliminary analysis, the attacker exploited a vulnerability on the Solana side of the Wormhole bridge to create 120,000 so-called “wrapped” Ethereum tokens. (Wrapped Ethereum tokens are pegged to the value of the original coin but can interoperate with other blockchains.) The attacker then appears to have used these tokens to claim Ethereum that was held on the Ethereum side of the bridge.
Prior to the exploit, according to CertiK, the bridge maintained a 1:1 ratio of Ethereum to wrapped Ethereum on the Solana blockchain, “essentially acting as an escrow service.”
“This exploit breaks the 1:1 peg because it has at least 93,750 less ETH held as collateral,” the report continues.
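The lock-and-mint flow and the 1:1 peg described above can be checked by reconciling events from both chains. The following is an added example, not code from Wormhole or CertiK: the event format, the transfer ids and the 100,000 ETH starting balance are constructed, and only the 120,000 and 93,750 figures come from the article.

```python
from dataclasses import dataclass, field

@dataclass
class PegMonitor:
    """Reconciles events of a lock-and-mint bridge and tracks the 1:1 peg."""
    locked: dict = field(default_factory=dict)   # transfer id -> amount locked, not yet minted
    burned: dict = field(default_factory=dict)   # transfer id -> amount burned, not yet released
    collateral: int = 0                          # ETH held in escrow on the Ethereum side
    supply: int = 0                              # wrapped ETH outstanding on the Solana side
    alerts: list = field(default_factory=list)

    def apply(self, chain, kind, transfer_id, amount):
        if kind == "lock":
            self.locked[transfer_id] = amount
            self.collateral += amount
        elif kind == "mint":
            # Every mint must consume a lock of the same amount on the other chain.
            if self.locked.pop(transfer_id, None) != amount:
                self.alerts.append(f"{chain}: mint {transfer_id} of {amount} has no matching lock")
            self.supply += amount
        elif kind == "burn":
            self.burned[transfer_id] = amount
            self.supply -= amount
        elif kind == "release":
            # Every release must consume a burn of the same amount on the other chain.
            if self.burned.pop(transfer_id, None) != amount:
                self.alerts.append(f"{chain}: release {transfer_id} of {amount} has no matching burn")
            self.collateral -= amount
        else:
            raise ValueError(f"unknown event kind: {kind}")

    def shortfall(self):
        """Wrapped tokens in circulation that are not backed by escrowed collateral."""
        return max(0, self.supply - self.collateral)

def reconcile(events):
    monitor = PegMonitor()
    for event in events:
        monitor.apply(*event)
    return monitor

# Constructed sample: (chain, kind, transfer id, amount in whole ETH)
SAMPLE_EVENTS = [
    ("ethereum", "lock",    "t-1",      100_000),  # honest deposit (constructed baseline)
    ("solana",   "mint",    "t-1",      100_000),
    ("solana",   "mint",    "forged-1", 120_000),  # wrapped ETH created without a lock
    ("solana",   "burn",    "r-1",       93_750),  # redemption looks valid on its own
    ("ethereum", "release", "r-1",       93_750),
]

if __name__ == "__main__":
    m = reconcile(SAMPLE_EVENTS)
    print(m.alerts, "collateral:", m.collateral, "supply:", m.supply, "shortfall:", m.shortfall())
```

Only the mint raises an alert; the later burn and release reconcile cleanly, which is why the check has to sit at the mint step rather than at redemption.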
Wormhole says Ethereum will be added to the bridge “in the next few hours” to ensure that the wrapped Ethereum tokens are backed, but it is unclear where the funds to do this will come from.
Ethereum founder Vitalik Buterin has previously made the case that bridges will not last long in the crypto ecosystem. This is because “there is a fundamental limitation on the security of bridges that jump over multiple ‘zones of sovereignty.’”
CertiK said in a post-incident report that a bridge that holds hundreds of millions of dollars in assets in escrow and operates across two or more blockchains, increasing its potential attack vectors, is a major target for hackers.
Crypto platforms have faced many high-value exploits in recent months.
“The $320 million hack into the Wormhole bridge highlights an increasing trend in attacks on blockchain protocols,” said CertiK co-founder Ronghui Gu. “This attack warns of growing concerns about blockchain security.”