Solana has become one of the fastest-growing smart contract blockchain networks since it was first officially launched in March 2020. The total value
Solana has become one of the fastest-growing smart contract blockchain networks since it was first officially launched in March 2020.
The total value locked (TVL) on decentralized finance (DeFi) protocols on the network grew from nearly $152 million in March 2021 to $8.08 billion at the time of writing, as per data from DefiLlama.
Simultaneously, the network has also been subject to several network issues and outages. Most recently, the Wormhole token bridge was hit by a security exploit on Feb. 3 that culminated in the loss of 120,000 wrapped Ether (wETH) tokens, worth over $375 million at the current price of Ether (ETH).
This exploit was the biggest so far in 2022 and the second largest DeFi hack ever, following the Poly Network hack where over $600 million was stolen from three different blockchain networks when an Ethereum bridge was compromised.
Wormhole is a token bridge protocol that connects multiple blockchain networks like Ethereum, Solana, Terra, BNB Smart Chain, Polygon, Avalanche and Oasis. It enables users to send and receive tokens between these networks without the need for a centralized exchange or tedious conversion processes. While wrapped Ether was the only asset impacted by this exploit, Certik, a smart contract auditing firm, mentioned that Wormhole’s bridge to the Terra blockchain network could be impacted by the same vulnerability as the Solana bridge.
The token bridging protocol has released a detailed incident report that tracks the chronology of the hack and all the associated aspects of it including security audits, bug bounties and the security roadmap. Cointelegraph discussed this hack with Max Galka, the CEO of blockchain data analytics firm Elementus. He said:
“About three hours before the Ether was taken from Wormhole, the wallet that is currently holding the stolen funds had a smaller transaction deposited from Tornado Cash — a mixer that anonymizes transactions. There was a transfer from a mixer on Ethereum to this wallet now holding the stolen funds.”
Galka further mentioned that while it is evident as to why the hacker would have experimented with Tornado Cash in the first place, it is less clear as to why they would use the mixer to deposit funds exactly into the same wallet before executing a major exploit.
Soon after, Wormhole launched a bug bounty program with Immunefi on Feb.12 with a $10 million reward that covers smart contracts, web user interface (UI), guardian nodes and Wormhole integrations. This makes it the largest bug bounty program in the cryptoverse, on par with Maker DAO’s bug bounty program.
Jump Crypto, the crypto investment arm of trading firm Jump Trading and one of the lead investors backing Wormhole, has stepped in to “make the community members whole.” The venture capital firm has replaced the 120,000 ETH and stated via a Twitter post on the same day of the hack that the firm believes in a multichain future and that Wormhole is essential infrastructure for this future.
Security concerns with cross-chain activity
Vitalik Buterin, a co-founder of Ethereum, wrote on a Reddit AMA session along with the Ethereum Foundation’s Research Team where he said that the future of blockchain technology is multichain and not cross-chain. Buterin has reasoned this with security concerns of bridges and non-native token assets with a focus on the probability of 51% attacks. He said, “It’s always safer to hold Ethereum-native assets on Ethereum or Solana-native assets on Solana than it is to hold Ethereum-native assets on Solana or Solana-native assets on Ethereum.”
My argument for why the future will be *multi-chain*, but it will not be *cross-chain*: there are fundamental limits to the security of bridges that hop across multiple “zones of sovereignty”. From https://t.co/3g1GUvuA3A: pic.twitter.com/tEYz8vb59b
— vitalik.eth (@VitalikButerin) January 7, 2022
Jagdeep Sidhu, the chief technology officer of Syscoin, a proof-of-work (PoW) blockchain network that is “merged-mined” with Bitcoin, spoke to Cointelegraph further on this narrative. He said, “He simply means that where there is a blockchain, there is a zone-of-sovereignty within that chain which has free will on the security of that blockchain. Any time blocks roll back, for example, all systems depending on the security of that chain also roll back. Because of this, when creating cross-chain bridges, you have to either assume a new consensus system that will watch and act on rollbacks or cautiously wait around the possibilities of a rollback, depending on the value of the transaction.”
Sidhu further said that the Wormhole hack revealed the complexities of creating cross-chain exchanging and bridging, as the attack was only enabled due to an externality by the Solana team which rendered a certain operation in the consensus code legacy. This operation opened a loophole in the logic of Wormhole that was taken advantage of by the hacker.
Even though this particular hack impacted a…
cointelegraph.com