Solana (SOL) has fallen 10,4% in the past few hours, following confirmation of the $323 million hack of the Wormhole chain interoperability protocol.
SOL, the native cryptocurrency of the blockchain Solana, has lost 10,4% of its value in the last 24 hours, trading at around $98 per unit at the time of this writing. The drop in SOL's value is recorded after the hack suffered by the Wormhole protocol, built on the Solana network and which serves as an interconnection bridge between this blockchain and Ethereum.
On-chain data shows that the hacker managed to extract a total of 120.000 wETH, the wrapped token of Ethereum’s ETH cryptocurrency (worth around $323 million) after exploiting a vulnerability present in the protocol. While the developers have not yet published a report on how the exploit occurred, they did confirm the hack, saying on Twitter that they were working to recover the network, which was out of service during the attack.
A few hours after confirming the attack, Wormhole’s official Twitter account noted that the vulnerability the hacker used to exploit the protocol has now been patched and that they will be adding more ETH to ensure 1:1 backing of wETH wrapped tokens within the network.
The community of Wormhole users, who used the protocol to send assets between Solana, Ethereum, and other blockchains, are hoping that Wormhole developers will be able to recover the hacked funds.
It may interest you: The Neodyme firm detects a security bug that risked millions of dollars in Solana
Hacking Wormhole
The Wormhole hack is one of the largest seen in the crypto industry so far, following the one suffered by the Poly Network protocol in August of last year. Messari researcher Ryan Watkins said on his Twitter account that in addition to being one of the largest exploits in terms of value, it is also one of the riskiest, putting at risk “numerous lending protocols, AMMs, and yield aggregators in the Solana ecosystem.”
While there are no confirmed reports from Wormhole, it appears that the exploit was made possible by a bug in the network’s guardian signature validation function, which the hacker was able to use to his advantage to mint 120.000 wETH out of thin air on Solana, making it appear that the guardians had signed a 120.000 ether deposit as valid on the network, when in fact they had not. Once minted, the hacker was able to swap the tokens for ETH, taking them off the protocol and into Ethereum.
Kelvin Fichter, a developer at Optimistic Ethereum, posted a thread on Twitter explaining how the attack could have happened.
“Wormhole contracts used the load_instruction_at function to verify”, says Fichter. “The load_instruction_at function was deprecated relatively recently because it *does not verify that it is being executed against the actual address of the system*”.
Ethereum co-founder Vitalik Buterin had warned a few weeks earlier about security vulnerabilities in the use of blockchain bridges.
A $10 million reward for returning the funds
A message on the Ethereum blockchain, apparently from the Wormhole development team, offers a $10 million bug bounty to the hacker for returning the rest of the funds extracted from the protocol. According to the message, the developers hope that the hacker who exploited the protocol is a “whitehat” hacker, as ethical hackers who help protocols detect security vulnerabilities are known.
The message was posted on the Ethereum blockchain and can be read via Notifi, an Ethereum messaging service.
Solana's cryptocurrency, SOL, was valued at around $114 before the attack was confirmed on Wednesday. Meanwhile, SOL's market cap has dropped by more than $5.000 billion in the past 24 hours, placing the cryptocurrency as the 7th largest in the industry currently.
Continue reading: Phantom, the main wallet application on Solana, reaches a valuation of $1.200 billion
