- Attackers have made away with $320 million from Solana after exploiting a vulnerability in its Wormhole bridge.
- The news adds to the woes over multiple network outages, raising doubt in its potential as an “Ethereum killer.”
It’s the second month of 2022 and Solana (SOL) is already experiencing its third major hiccup. Just yesterday, hacker(s) exploited the network’s Wormhole bridge that connects Solana to Ethereum. The attacker(s) made away with 120,000 wrapped Ethereum (wETH) tokens, worth about $320 million at the time.
The Wormhole interoperability protocol assured users that ETH would be added to ensure the wrapped variant was fully backed on the bridge. At writing time, the protocol’s latest update was that the glitch had been fixed and that it was working on optimizing network functionalities.
Solana Wormhole hacked for $320M
According to paradigm security researcher “samczsun,” the attacker either had access to the bridge’s private keys or exploited the bridge. They then took advantage of a vulnerability in minting wETH without having to deposit ETH tokens. Samczsun also noticed a “corresponding transaction on Solana where the attacker bridged out the ETH.”
How did the @wormholecrypto exploit work? I joined forces with @gf_256 and @ret2jazzy to reverse engineer the exploit, and now that it’s been patched we can finally share it with you👇 pic.twitter.com/lXwD0GLZ3N
— samczsun (@samczsun) February 3, 2022
Of note, engineering firm Certus One developed the Wormhole, after which it was acquired by trading firm Jump Trading in August. Wormhole developers have now offered the hacker a bounty for returning the loot. A message on the Ethereum blockchain reads:
We noticed that you were able to exploit the Solana VAA verification and mint tokens. We would like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you have minted.
Tom Robinson, the co-founder of blockchain analysis firm Elliptic, commented:
This demonstrates once again that the security of DeFi services has not reached a level that is appropriate for the huge sums being stored within them. The transparency of the blockchain is allowing attackers to identify and exploit major bugs.
The debate on “killing Ethereum”
In January, Solana suffered two major outages, leading to a total of four outages in six months. Some of the network’s enthusiasts attribute these issues to Solana’s relative infancy. One of them is FTX CEO Sam Bankman-Fried, who also said Solana is outdoing itself compared to all other blockchains combined – hence the outages.
Read More: Solana is still the best blockchain despite outages, FTX’s Sam Bankman-Fried says
Over the past eight hours, SOL prices have tanked 12 percent from around $111 to $97. At press time, the token was trading at $99.03, having dipped 9.4 percent in the past day. And just like many other cryptocurrencies, SOL is currently exchanging at a 62.5 percent discount from its Nov. 6 all-time high of $260.
With the recent Wormhole exploit and past network outages, it remains to be seen whether Solana can really “kill Ethereum” as it has been touted.