There are so many good aspects of cryptocurrency. It allows people to take back control of their finances, which the government has had control of for years. But with increased decentralization, there comes an increased price to pay—lower levels of security.
On February 2, 2022, the Solana blockchain was hacked via The Wormhole, which is an app built on top of the blockchain as a bridge to other blockchains. The hacker successfully exploited bad coding and made off with over $320 million in funds.
Do you own Solana? Even if you don’t you should keep reading to learn about exactly what happened during this hack, and what it means for the cryptocurrency world as a whole going forward.
How Did the Solana Hack take Place?
The cryptocurrency world depends heavily on people to develop the space themselves, especially when it comes to creating dapps on top of the already existing blockchains. One of these dapps, Wormhole Portal, which is used to move tokens off the Solana blockchain to other DEFI projects on the Ethereum platform, suffered a vulnerability due to poor coding.
This vulnerability is actually a common programming error which allowed multiple contracts nestled in each other to execute without verifying signatures, also known as the integrity of the transaction. Therefore the hacker only had to execute multiple transactions and he was able to get away with over $251 million in Ethereum, $47 million in Solana, and more than $4 million in USDC, a popular stablecoin.
He did this by claiming 120,000 Wrapped Ethereum on the Solana side of the bridge. Rather than ensuring he actually had 120,000 Wrapped Ethereum, the Wormhole Portal allowed him to buy the three aforementioned cryptocurrencies on the other side of the bridge, even though he did not own a single Wrapped Ethereum.
Basically, this entire hack happened because the coders who worked on the project didn’t double check or test their work properly. As sad as this is, it is unfortunately all too common in the cryptocurrency world. There is currently a shortage of coders in the world and while all the excellent ones get jobs at Microsoft or Google, those who are less than stellar end up working for projects like Wormhole Portal and letting these types of errors get through.
While this will get better in the future as cryptocurrency becomes worth more money and is more widely used, it is a big problem in the present. A company like Wormhole Portal should have looked more closely at their coding or pay for proper testing to avoid a hack like this.
What Does This Mean For Users?
Unfortunately, a system like Wormhole Portal is absolutely necessary for the cryptocurrency world to be able to move forward. Therefore this hack probably will not put Solana, or Wormhole Portal, out of business nor will it stop people from using bridges between blockchains.
What is suspicious however, is the way the company has delt with the hack. Following the loss of the funds, the Solana blockchain went down for maintenance. When it came back up, the Wormhole Portal creators, along with Solana, offered a $10 million dollar reward for the returned funds. This is technically not legal; however the US government rarely bothers itself with these types of hacks in the cryptocurrency world.
What is strange is, all of the stolen funds have already been replaced to the blockchain. So where did Wormhole and Solana get these replacement funds? Either the hacker returned them (unlikely), Solana simply created more of their coins to replace that which was stolen (could happen, but not likely), or the company put up some of its own funds to reimburse users.
This last option is the most likely of course, but Solana and Wormhole have not disclosed where they got the replacement funds from, which is what makes their response a bit sketchy, after all, if it was on the up and up (aka company funds) why not say so? There are many who think this vulnerability could have in fact been an inside job—which is sometimes the case in the cryptocurrency world. Either way, the aftermath of this particular hack has been a bit shady all around.
Should You Use Wormhole Portal?
In a recent interview, Vitalik Buterin, the creator of Ethereum, highlighted on the security issues of bridges in the cryptocurrency world. While this particular hack was preventable, there are many attacks on bridges which are not. For this reason, Buterin believes they will not exist for much longer.
If you need to move money from one platform to another, you may not have a choice other than to use Solana and the Wormhole Portal. But if there was this big of a vulnerability on the dapp, it doesn’t make us very confident that this is a safe dapp to use. It is probably in your best interest to do your business on a different dapp. Though it is nice that the company has already replaced all the stolen funds.
Remember, the cryptocurrency world has almost no oversight, this means that scams like the Squid Games token, and hacks like this one happen all the time. Doing anything in the cryptocurrency isn’t without risk, but sticking with more mainstream platforms such as Ethereum and Bitcoin can help lower your chances of losing money in a hack like this.
Overall, what happened on the Solana network was a huge bummer, especially since this was previously a very promising project. This hack has left many calling for more government oversight in the DEFI world, but this takes away the entire purpose of DEFI—which is decentralized finance not overseen by the government.
Either way, this hack shouldn’t call for government oversight, but rather better oversight by the creators of dapps and blockchains to better check security. And you, as someone who uses blockchain technology, should always be aware of the chances of a hack occurring, and know the ways you can mitigate your risks—i.e. by investing in platforms with a long track record of success (and no hacks).