Yet another multi-million dollar hack has impacted the crypto ecosystem. This time, it’s against Wormhole – a famous cross-chain bridge to bring non-native cryptocurrencies to other blockchain networks.
Over $300 million worth of wETH were unfairly generated through a protocol exploit. This comes a month after Vitalik warned the crypto-community of the security flaws inherent with cross-chain protocols and intermediaries. .
120k wETH Stolen
Hours ago, Wormhole warned the community of a potential protocol to exploit over Twitter. The team put the network under maintenance in the meantime. Then, at 5:25 PM EST, they confirmed that Wormhole had been “exploited for 120k wETH.”
wETH (wormhole ETH) is the artificial substitute for Ether used to effectively transfer one’s ETH holdings from Ethereum to other chains. To make this work, Ethereum must be transferred to trusted intermediaries called “bridges”, which reliably hold one’s original Ether out of circulation.
In return, the intermediary transfers the exact same amount of wETH to the user on the new chain. The version of wETH being discussed here is that which is compatible with Solana. A similar type of asset exists for Bitcoin called “Wrapped Bitcoin” (WBTC), giving it compatibility with Ethereum.
Photo by DrawKit Illustrations on Unsplash
“Wrapped” assets are meant to maintain the value of their underlying cryptocurrency while exploiting the tools available on other chains. However, they operate under the premise that the supply of such tokens remains reliably pegged, and is not being inflated. If it is, investors are likely to rapidly lose confidence in the new asset.
As such, Wormhole claims to be securing more ETH to maintain their wETH peg after the hack. However, Twitter users showed scepticism as to where they could possibly locate these funds, worth $322M at the time of writing.
“If nobody backs it and the coins are truly gone then Wormhole ETH is worth 0 and everyone who has a balance of it becomes worthless,” said George Harrap, founder of Solana DeFi platform Step Finance. “DeFi protocols, users, everyone.”
The attacker appears to have minted 120k wETH on Solana, using their exploit. On-chain data shows 80k wETH having been transferred from Wormhole to a new Ethereum address, now holding $250 million of ETH. The other 40k wETH was left on Solana and sold for other assets.
The wormhole team has since reached out to the hacker through an ETH transaction. They promised a $10 million bounty in return for the stolen wETH and exploit details.
Vitalik’s Warning
In a recent popular Reddit comment, Vitalik explained why he believes the future of crypto will be “multi-chain”, but not “cross-chain”. Fundamentally, he stated that cross-chain bridges contain security gaps and a level of “trust” that is the very antithesis of crypto.
He highlighted 51% attacks as an even greater weak point. While such an attack may not be catastrophic on an isolated chain, it could disrupt various asset pegs with other chains, destroying various crypto economies.
“It’s always safer to hold Ethereum native assets on Ethereum, and Solana native assets on Solana,” he said.
Comments
Log in or sign up to join the conversation.