Wormhole hack illustrates danger of DeFi cross-chain bridges
Solana has become one of the fastest-growing smart contract blockchain networks since it was first officially launched in March 2020.
The total value locked (TVL) on decentralized finance (DeFi) protocols on the network grew from nearly $152 million in March 2021 to $8.08 billion at the time of writing, as per data from DefiLlama.
Simultaneously, the network has also been subject to several network issues and outages. Most recently, the Wormhole token bridge was hit by a security exploit on Feb. 3 that culminated in the loss of 120,000 wrapped Ether (wETH) tokens, worth over $375 million at the current price of Ether (ETH).
This exploit was the biggest so far in 2022 and the second largest DeFi hack ever, following the Poly Network hack where over $600 million was stolen from three different blockchain networks when an Ethereum bridge was compromised.
Wormhole is a token bridge protocol that connects multiple blockchain networks like Ethereum, Solana, Terra, BNB Smart Chain, Polygon, Avalanche and Oasis. It enables users to send and receive tokens between these networks without the need for a centralized exchange or tedious conversion processes. While wrapped Ether was the only asset impacted by this exploit, Certik, a smart contract auditing firm, mentioned that Wormhole’s bridge to the Terra blockchain network could be impacted by the same vulnerability as the Solana bridge.
The token bridging protocol has released a detailed incident report that tracks the chronology of the hack and all the associated aspects of it including security audits, bug bounties and the security roadmap. Cointelegraph discussed this hack with Max Galka, the CEO of blockchain data analytics firm Elementus. He said:
“About three hours before the Ether was taken from Wormhole, the wallet that is currently holding the stolen funds had a smaller transaction deposited from Tornado Cash — a mixer that anonymizes transactions. There was a transfer from a mixer on Ethereum to this wallet now holding the stolen funds.”Galka further mentioned that while it is evident as to why the hacker would have experimented with Tornado Cash in the first place, it is less clear as to why they would use the mixer to deposit funds exactly into the same wallet before executing a major exploit.
Soon after, Wormhole launched a bug bounty program with Immunefi on Feb.12 with a $10 million reward that covers smart contracts, web user interface (UI), guardian nodes and Wormhole integrations. This makes it the largest bug bounty program in the cryptoverse, on par with Maker DAO’s bug bounty program.
Jump Crypto, the crypto investment arm of trading firm Jump Trading and one of the lead investors backing Wormhole, has stepped in to “make the community members whole.” The venture capital firm has replaced the 120,000 ETH and stated via a Twitter post on the same day of the hack that the firm believes in a multichain future and that Wormhole is essential infrastructure for this future.
Security concerns with cross-chain activity
Vitalik Buterin, a co-founder of Ethereum, wrote on a Reddit AMA session along with the Ethereum Foundation’s Research Team where he said that the future of blockchain technology is multichain and not cross-chain. Buterin has reasoned this with security concerns of bridges and non-native token assets with a focus on the probability of 51% attacks. He said, “It’s always safer to hold Ethereum-native assets on Ethereum or Solana-native assets on Solana than it is to hold Ethereum-native assets on Solana or Solana-native assets on Ethereum.”
My argument for why the future will be *multi-chain*, but it will not be *cross-chain*: there are fundamental limits to the security of bridges that hop across multiple "zones of sovereignty". From https://t.co/3g1GUvuA3A: pic.twitter.com/tEYz8vb59b
— vitalik.eth (@VitalikButerin) January 7, 2022Jagdeep Sidhu, the chief technology officer of Syscoin, a proof-of-work (PoW) blockchain network that is “merged-mined” with Bitcoin, spoke to Cointelegraph further on this narrative. He said, “He simply means that where there is a blockchain, there is a zone-of-sovereignty within that chain which has free will on the security of that blockchain. Any time blocks roll back, for example, all systems depending on the security of that chain also roll back. Because of this, when creating cross-chain bridges, you have to either assume a new consensus system that will watch and act on rollbacks or cautiously wait around the possibilities of a rollback, depending on the value of the transaction.”
Sidhu further said that the Wormhole hack revealed the complexities of creating cross-chain exchanging and bridging, as the attack was only enabled due to an externality by the Solana team which rendered a certain operation in the consensus code legacy. This operation opened a loophole in the logic of Wormhole that was taken advantage of by the hacker.
Even though this particular hack impacted a cross-chain bridge, it is noteworthy that, technically, this was a smart contract exploit, which has been around as long as the concept of smart contracts has existed. Galka stated:
“The history of smart contracts has involved a pretty consistent stream of vulnerabilities and hacks dating back to the very early days of Ethereum when The DAO was attacked in 2016. In general, cross-chain bridge contracts have large balances making them prime targets. Historically, there have always been hacks on smart contracts. I would expect that to continue.”Cointelegraph also discussed this aspect of the hack with Anton Bukov, co-founder of the 1inch Network, a DEX aggregator, who mentioned that the cause that led to this hack was a low-level smart contract bug. It was related to the mechanism that Solana used for precompiled smart contract calls. He noted that the bug fix was publicly available on the interoperability protocol’s GitHub repository for more than two weeks before the hack.
The fix being publicly available could’ve been the cue for the exploiter to identify the hack. Bukov also agreed with Buterin’s concerns with cross-chain operations and stated that “Cross-chain operations are much more dangerous and vulnerable than any other blockchain operations.”
At least 5 bridges were hacked since mid-2021, attackers were able to steal more than $1B. Never underestimate security audits importance. Three hacks ago @VitalikButerin warned us about cross-chain dangers: https://t.co/jvmLOIEQlE pic.twitter.com/bQoht0FNve
— Anton Bukov ⚖️ (@k06a) February 3, 2022Zero-knowledge rollups
Despite Solana’s rapid growth in the short time since its launch, the network has become increasingly susceptible to issues as more users begin to come onboard. The network had a bad start to the year when it faced six network outages in January that caused a lot of frustration to its community.
Related: Scalability or stability? Solana network outages show work still needed
Sidhu pointed out that Solana, like all other alternative smart contract networks, uses a monolithic architecture that does not provide for economies of scale. Due to this, as more users come onto the network, the fees and the resources to keep the network stable, secure and decentralized will increase.
Suggesting an alternative to this incoming issue, he said, “The best way we know to scale is through a modular architecture. This is what Ethereum and some other blockchains such as Syscoin are transitioning toward due to the creation of great scaling solutions such as optimistic and zero-knowledge proof based rollups.”
Proving a detailed solution for this issue, Sidhu mentioned that the best solution for cross-chaining assets is to use zero-knowledge (ZK) proofs as a better alternative to having the pool of money sitting on an external consensus such as a multi-party protocol which requires an honest majority assumption of external validators. This use of ZK-proofs would replace the external consensus with mathematical validity proofs.
Nonetheless, he also added that none of the solutions are as secure as using a reliable layer 1. He added, “A ZK bridge is a promising improvement to cross-chain bridging, but I do not think it should be used as a generic cross-chain DeFi ecosystem, as, by definition, it cannot provide as much security as simply using a secure layer 1.”
Bukov noted the possibilities of this hack being replicated with bridges on other blockchain networks as well:
“Historically speaking, there have been cases of one party exploiting code and then copycats seizing on this initial exploit. In 2017, a series of multisignature Ethereum wallets had their underlying code hacked. In this instance, several follow-up hacks occurred by other actors seizing on the same vulnerability.”This hack could be a sign for core developers of interoperable bridging protocols and other smart contract blockchain networks to proceed with caution for cross-chain smart contracts and assets and work on regular updates, audits, bug bounties, etc., to plug costly loopholes like these in their operations.