Over $320 million was stolen in the latest apparent crypto hack

February 4, 2022: -One of the most famous bridges linking the ethereum and Solana blockchains lost more than $320 million on Wednesday afternoon in an apparent hack.

It is DeFi’s second-biggest exploit ever, just after the $600 million Poly Network crypto heist. It is the most significant attack on Solana, a rival to ethereum that is increasingly gaining traction in the non-fungible token (NFT) and decentralized finance (Defi) ecosystems.

Ethereum is the most used blockchain network. It is a big player in the world of Defi, in which programmable pieces of code known as smart contracts can replace intermediaries such as banks and lawyers in certain types of business transactions. A more recently introduced competitor, Solana, is growing in popularity because it is cheaper and faster than ethereum.

Crypto holders often do not operate exclusively within one blockchain ecosystem, so developers have built cross-chain bridges to let users send cryptocurrency from one chain to another.

A wormhole is a protocol that lets users move their tokens and NFTs between Solana and ethereum.

Developers representing Wormhole confirmed the exploit on its Twitter account, saying that the network is “down for maintenance” while it looks into a “potential exploit.” The protocol’s official website is currently offline.

An analysis from blockchain cybersecurity firm CertiK shows that the attacker’s profits thus far are at least $251 million worth of ethereum, nearly $47 million in Solana, and more than $4 million in USDC, a stable coin pegged to the price of the U.S. dollar.

According to Auston Bunsen, bridges like Wormhole work by having two intelligent contracts, one on each chain, co-founder of QuikNode, which provides blockchain infrastructure to developers and companies. In this case, there was one smart contract on Solana and one on ethereum. A bridge-like Wormhole takes an ethereum token, locks it into an agreement on one chain, and then on the chain at the other side of the bridge, it issues a parallel permit.

Preliminary analysis from CertiK shows that the attacker exploited a vulnerability on the Solana side of the Wormhole bridge to create 120,000 so-called “wrapped” ethereum tokens for themselves. It appears that they then used these tokens to claim the ethereum that was held on the ethereum side of the bridge.

Before the exploit, the bridge held a 1:1 ratio of ethereum to wrapped ethereum on the Solana blockchain, “acting essentially as an escrow service,” according to CertiK.

“This exploit breaks the 1:1 peg, as there is now at least 93,750 less ETH held as collateral,” continued the report.

Wormhole says that ethereum will be added to the bridge “over the next hours” to ensure that its wrapped ethereum tokens remain backed, but it is unclear where it’s getting the funds to do this.