Wormhole Hack and the Fate of Cross-Chain Bridges.
By Cameron Tuths
Since the genesis of the computer, users and programmers alike have been burdened by hackers. Blockchain technology aims to make funds more secure in Web 3.0 than ever thought possible on today’s internet. While assets secured on a blockchain like Bitcoin, Etherium, and Solana are some of the safest places to hold your funds today, the “bridges” used to move assets between networks are still vulnerable to malicious activity. These bridges come in many different varieties, but yesterday’s Wormhole hack left an Ether to Solona bridge without 120K ETH due to a failure to validate “guardian” accounts, resulting in the hack. Wormhole works by exchanging users staked ETH for wETH, a token used to exchange funds between the Ethereum and Solona networks on the Wormhole bridge. Wormhole allows exchanging of seven top cryptocurrencies, all of which require these guardian accounts to be validated before funds are transferred. The hacker was able to mint wETH without staking any ETH, then liquidated most of his wETH for ETH while leaving some remaining in a Solana wallet. Within a day, Wormhole, through an investment by Jump Trading, had patched the issue and all wETH were once again backed 1:1. This was done to keep the faith in a cross-chain future strong.
1/2
— Wormhole🌪 (@wormholecrypto) February 3, 2022
All funds have been restored and Wormhole is back up.
We’re deeply grateful for your support and thank you for your patience.
As more funds are added to the crypto space, all risks are understood prior to an investment. Blockchains have proven themselves to be highly secure with cryptography, decentralization, and consensus principles, which allow for trust-less transactions. Bridges offer much less security comparatively and have seen repeated attacks. In the past month, a cross-chain bridge in the Defi protocol Qubit was hacked for $80 million. The week before that, $3 million was stolen by multiple hackers who attacked the cross-chain router protocol Multichain. These bridges are the weakest link in the Defienvironment, and securing them in the future is vital to this emerging market segment’s success.
Ethereum’s founder, Vitalik Buterin, has argued against a future dependent on these cross-chain bridges and has instead favored a scenario in which the entirety of one token’s transactions occur on a single, native chain, avoiding the trouble that Buterin describes as the “fundamental security limits of bridges.” As told by Buterin, storing native assets directly on-chain (Ethereum on Ethereum, Solana on Solana, etc.) provides a certain degree of immunity against 51% attacks. Even if hackers manage to censor or reverse transactions, they cannot propose blocks to take away one’s crypto.
Buterin further outlined how the security exploit could scale negatively as more bridges are added into a cross-chain network. In a theoretical network comprising 100 chains, the high level of interdependency and overlapping derivatives would mean that a 51% attack on one chain, especially a small-cap one, can cause a system-wide contagion.
Due to the faults related to bridging chains together, we may live in a strictly multi-chain future where there are many chains to work on, yet there is no cross-compatibility between them. With ETH currently being the most prominent proof of stake chain, it could have very lucrative implications for investors should this version of the future become reality.
My argument for why the future will be *multi-chain*, but it will not be *cross-chain*: there are fundamental limits to the security of bridges that hop across multiple “zones of sovereignty”. From https://t.co/3g1GUvuA3A: pic.twitter.com/tEYz8vb59b
— vitalik.eth (@VitalikButerin) January 7, 2022
Disclaimer: Please note that the contents of this article are not financial or investing advice. The information provided in this article is the author’s opinion only and should not be considered as offering trading or investing recommendations. Please conduct your own due diligence before making any investment decisions.
References:
Tom Wilson, Pushkala Aripaka, https://www.reuters.com/technology/crypto-network-wormhole-hit-with-possible-320-mln-hack-2022-02-03/
Olga Kharif ,Yueqi Yang, https://www.bloomberg.com/news/articles/2022-02-02/blockchain-bridge-wormhole-hit-with-potential-315-million-hack?srnd=technology-vp