What can we Learn from the Solana Wormhole Hack?
On February 2, 2022, Solana’s Wormhole bridge, linking the Solana blockchain to Ethereum, was hacked for over $300 million ETH. One week later, the saga seems to be over, the bridge was bailed out, and all is well. However, there is still much to learn from this debacle, particularly about the security of cross-chain assets.
Solana’s Wormhole exploit was the second-largest cryptocurrency hack in history, second only to Poly Network’s $600 million exploit from a few months ago. For context, Wormhole is a blockchain bridge that allows for assets, like NFTs and tokens, to be transferred from one blockchain to another. A hacker was able to trick the Wormhole contract into thinking that they had Ethereum on Solana when they did not, and thus was able to withdraw 120,000 ETH to the Ethereum blockchain.
This caused an immediate uproar in the Solana community, as almost 3% of Solana’s total value locked was now not backed by any tangible assets. Consequently, the price of Solana dropped by 10% almost immediately and its entire DeFi ecosystem was at risk of collapsing.
Fortunately, the parent company of Wormhole, Jump Trading, bailed out the bridge and replaced the 120k lost ETH. This allowed for the bridge to patch the exploit and continue working as intended, with very few consequences.
Even though this saga is mostly resolved, there are lots of lessons that the cryptocurrency ecosystem can learn from this disaster, which will help to create a more secure multichain future.
One of the most obvious takeaways is the importance of bridge security. As bridging between different blockchains becomes more common, tens of billions of dollars will be at stake, and all of it will be at risk of being hacked. Wormhole has shown us this reality firsthand, along with Poly Network, which was a multichain Ethereum-based bridge that suffered the greatest hack in cryptocurrency history. The two top hacks both being bridges is not a coincidence, and it is likely that there will be many more in the future.
For any asset derived from a bridged asset, it is important to know which bridge the asset came from, as we now know that all bridged assets are not made equal. If each version of Ethereum on Solana becomes unique based on which bridge it came from, there will be less liquidity and efficiency on DeFi platforms, but the fall of one bridge will not mean the collapse of DeFi.
Similarly, fully trustless and decentralized multichain systems, such as those seen on Cosmos and Polkadot, will become more common. If the capability to bridge assets is inherently built into a protocol, it is much more secure from vulnerabilities and therefore more valuable to consumers. Cosmos and Polkadot are both creating interoperability hubs which will allow for all sorts of different blockchains to become interoperable with one another, all while ensuring stability and security.
To summarize, as the cryptocurrency world matures and more money is locked up in different protocols and smart contracts, the risk of hacks and exploits will only continue to rise. Bridges will be some of the most vulnerable platforms, as they require security on multiple different blockchains and are the key to interoperability. In order to secure a multichain future, bridges will need to become more decentralized, secure, and insured against different types of attacks, or risk being the new biggest cryptocurrency hack in history.
By Lincoln Murr