February had barely begun when crypto headlines started screaming the shocking news that DeFi protocol Wormhole had been exploited for a whopping $326 million worth of Ethereum on Feb. 2. In a whiplash-inducing turn of events, the blockchain bridging platform announced the next day that all funds had been restored and that their system was functioning again as normal. The whole incident report can be read here.
The hack was designed to exploit a vulnerability in the bridge between the Ethereum and Solana blockchains on Wormhole. The perpetrators were essentially able to mint about 120,000 wrapped Ether (wETH) out of the void on the Solana blockchain. They then smuggled their bounty to the Ethereum Network over the course of a series of transfers.
What is the Wormhole DeFi bridge?
As a bridge in the world of decentralized finance (DeFi), Wormhole is set up to exchange different cryptocurrencies on decentralized apps (dApps) over the Ethereum Network. Running on smart contracts, bridges make various blockchains interoperable, with users generally dealing with them through a web app connected to their crypto wallet. Assets are held and released with a particular timing between the two chains to facilitate transactions.
Wormhole Negotiates with Hackers
When the Wormhole team figured out they’d been had by the cybercriminals, they reached out and tried to make a deal. In a message sent to the Ethereum wallet that had been identified as the recipient of the stolen tokens, Wormhole offered a $10 million “bug bounty” for an explanation of the exploited vulnerability, as well as the return of the entire ill-gotten haul. The company has so far made no comment on the details of the agreement it reached with the hackers, other than to say that the crypto has been returned in its entirety.
Before the wETH was given back, Wormhole said it was in the process of replacing the stolen funds with regular ETH to substantiate its reserves. CoinDesk reported that it was told by insiders that Jump Capital, which acquired Wormhole’s developer Certus One last year, was expected to step up and replace the funds. Otherwise, some Solana-based platforms might have gone under completely.
The company has said via Twitter that the vulnerability has been patched and the platform is up and running again per usual. The attack had led to Wormhole going offline to undergo maintenance for a period of time.
How Risky are Ethereum Bridges?
Last month on Reddit, Ethereum’s co-founder Vitalik Buterin ventured that blockchain bridges such as Wormhole would face an uphill climb going forward, given certain insurmountable technical vulnerabilities. Instead, he argued the future would be multi-chain rather than cross-chain.
The Wormhole incident is the second-largest DeFi hack in history and the biggest so far this year. The August 2021 hack of the Poly Network for an estimated $611 million, which also ended in the funds being returned, still holds the record for the biggest DeFi hack of all time. However, these endings are not always so happy, as was proven last month when Qubit Finance lost $80 million worth of Binance Coin, which has yet to be returned.
Crypto security can represent a labyrinth of complexity that you need to power through at times. Wormhole did very well to recover its users’ stolen funds and has since launched a $10m bounty fund to help turn “gray hats into white hats”.
This is admirable; however, it doesn’t take away from the fact that the DeFi space is a virtual petri dish for cybercrime where hackers continuously look for new ways to exploit protocols for all the marbles. Other protocols that don’t have such deep pockets and wealthy backers are not so lucky.
In the face of all this lingering uncertainty in the nascent world of crypto, you can never be too cautious with your digital assets. The best way to keep your assets reliably safe is with an elite cold storage wallet, whether you are navigating the DeFi and NFT landscape or simply want to keep your blue-chip cryptocurrencies like Bitcoin and Ethereum protected. For that, look no further than the CoolWallet S and CoolWallet Pro, our flagship model with a CC EAL6+ secure element. Our hardware wallets help keep your crypto in the safest of hands, namely your own!