Solana’s Wormhole bridge gets hacked for $200 million (80K ETH)
While cross-chain bridging solutions are popular, many users do not realize the full risks associated with using them.
The popular Solana Wormhole bridge has just fallen victim to hackers at an exploit of 80K ETH (212.3 million).
According to Etherscan, 80,000 in Wrapped ETH (WETH) was transferred into the hacker’s wallet. This means that large amounts of ETH on the Solana blockchain are now unbacked.
Wormhole exploited for 80k eth. Whew. pic.twitter.com/Kssj1PWQA4
— Xohn (@0revenue) February 2, 2022
Developers are now negotiating with the hackers, who sent an on-chain message on Notifi requesting the return of the funds for 10 million (4.7%) :
“This is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted.”
The Wormhole website has also been deactivated.
Almost as he was foreshadowing it, Vitalik sounded the alarms on the security risks of cross-chain bridges in a recent tweet.
My argument for why the future will be *multi-chain*, but it will not be *cross-chain*: there are fundamental limits to the security of bridges that hop across multiple "zones of sovereignty". From https://t.co/3g1GUvuA3A: pic.twitter.com/tEYz8vb59b
— vitalik.eth (@VitalikButerin) January 7, 2022
In the tweet, the Ethereum co-founder voiced his opposition to the use of cross-chain solutions by Ethereum and other blockchains, due to the increased attack vectors of the bridged assets when they are transferred across an increasing number of chains and decentralized applications.