Q1 of 2022 saw the notorious Wormhole DeFi hack – a major blow to the cryptocurrency community where over $320 million (120,000 wETH) in crypto were stolen. wETH, or wrapped Ethereum was victim of a crypto exploit, demonstrating just how exposed DeFi services are. This raised many concerns and a major loss of confidence in the community.
However, many decided to stick to crypto as Wormhole (a communication bridge gapping Solana and other DeFi networks) pledged to add Ether into the community to limit investor losses. The developers managed to bring the currency back to a 1:1 backing for the network, and that the vulnerability had been patched. This meant that the funds were safe.
But what led to this exploit in the first place? What was the cause of the Wormhole DeFi hack? In this article, we will take a closer look at what really happened, its impact on the community, and how even after other exploits throughout 2022, Wormhole managed to hold its own.
Understanding The Wormhole DeFi Hack
Wormhole DeFi is a decentralized finance protocol that allows users to earn interest on their cryptocurrency holdings. The protocol is designed to be simple and user-friendly, making it a great option for those looking to get started in the world of decentralized finance.
Wormhole interest rates have always been very attractive, making Wormhole DeFi a great way to grow crypto portfolios quickly. In addition, the protocol has always been known for offering a large number of other features that make it a well-rounded option for those looking to get involved in decentralized finance.
The platform has managed to remain friendly not just for beginners but for experts and developers alike since its inception in 2020.
The Wormhole DeFi Hack
Though it happened before the LUNA-UST crash, the Wormhole hack was a major hit to the community – and many believe it to be the first straw that led to the “perfect storm” cryptocurrencies faced throughout Q1 and Q2 of 2022.
The Wormhole DeFi protocol was the victim of an exploit on February 2, 2022, which resulted in the loss of over $325 million worth, i.e., 120,000 wETH. The team behind Wormhole DeFi has since taken steps to improve the security of the platform, and they are offering a bounty of up to $10 million for information leading to the arrest and conviction of those responsible for the hack. The developers also offer ethical hackers a bug bounty to help identify bugs and exploits.
Methodology
Ethereum was one of the most used blockchain networks, but Solana became the new underdog by offering even quicker transactions and lower gas fees; a number of users were actively shifting between the two. Wormhole protocol allowed users to shift tokens, currencies, liquidity, and NFTs from Ethereum to Solana (and the other way around) easily.
According to several vulnerability reports (such as the audit report from CertiK), the Feb 2022 attack involved the attacker bypassing the verification process that bridges the Ethereum and Solana networks. Once bypassed, the hacker was able to mint themselves 120,000 wETH.
They injected a spoofed sysvar account that then generated malicious messages as orders. The order was to mint new wETH first, and then with the “complete_wrapped” order, the hacker managed to export the ETH.
To spoof the sysvar account, the attacker used a “verify_signatures” function through the account.
Look at the #4 entry. The correct entry should have been:
#4 Account3: Sysvar: Instructions
Because of the spoofed order, the function loaded the wrong set of information (in easier terms), forcing the network to bypass the validation step. Instead, verification was done by the attacker via a “post_vaa” function, which led to the following exploit.
The developers quickly took to preventing this issue from occurring in the future, though.
Despite this setback, Wormhole DeFi remains a strong option for those looking to get involved in decentralized finance, and the team is committed to continuing to build a secure and robust platform.
How Much Was Lost To The Hack?
According to audit reports, the exploit involved first minting new currency and then exporting it via the verification system. As a result, the hack resulted in the loss of over $251 million worth of ETH and $47 million worth of Solana from the liquidity pool.
Furthermore, over $4 million were stolen in the form of USDC Stablecoin from the platform. The Stablecoin was pegged on the Ethereum platform for the price of the US dollar.
Combined, the Wormhole DeFi hack became the second-biggest theft in the world of cryptocurrencies since the Poly Network exploit in 2021. This exploit amounted to $600 million in tokens. However, this is still the largest theft affecting Solana as it starts rivaling Ethereum for DeFi and NFT space.
What Steps Have Been Taken To Improve Security?
As per several audit reports, it was recommended to the developer that a robust check and verification process be implemented with every account and function. This step was overhauled to limit external source access control with more checks, hence reducing the risks involved.
Furthermore, the team behind Wormhole DeFi has taken a number of steps to mitigate the impact of said exploit. They introduced countless ETH into the system to bring the system back to a 1:1 ratio, as per the Wormhole Twitter account. It took several hours to bring the currency back on track, but because of investor confidence, the selling ratio did not lead to a price crash.
According to reports, the developers introduced ~96,000 wETH into the Ethereum blockchain. However, the source of these wETH was not announced and is still unclear.
What Does The Future Hold For Wormhole DeFi?
Despite the recent hack, Wormhole DeFi remains a strong option for those looking to get involved in decentralized finance. In addition, the protocol offers a number of features that make it a well-rounded option for those looking to get involved in decentralized finance.
Unfortunately, this hack is not the first problem that Solana has faced, nor is it the last. It only added to the numerous problems associated with the blockchain. For example, in 2021, it faced a 17-hour downtime after being attacked by trading bots. Another recent attack on Solana managed to degrade its performance for quite a while.
Despite lower transaction costs, confidence in the platform seems to be dwindling. Solana’s native currency has also seen a decline recently, despite high volume and trading.
Wormhole DeFi History
Wormhole DeFi was created in 2020 by a team of experienced cryptocurrency and blockchain developers led by Curtis Hutten.
The team’s goal was to create a decentralized finance protocol that would be simple and user-friendly yet offer features that would appeal to both beginners and experienced users alike. In order to achieve this, the team designed Wormhole DeFi to have a number of unique features that make it stand out from other protocols in the space.
The Wormhole DeFi protocol is based on the Ethereum blockchain, making it a permissionless and quick platform. This means that anyone can use the protocol without having to go through a central authority. The protocol is also designed to be scalable, so that it can handle large amounts of traffic as more users begin to use it.
In addition, the team behind Wormhole DeFi is committed to transparency, which is another key selling point of the protocol. This transparency was relatively clear after the hack as they managed the situation fairly well. However, there are several uncertainties still about the immediate recovery the platform managed to make, introducing over $200 million into the ETH network.
The Ever-Increasing String of DeFi Hacks
Wormhole DeFi is hardly the first DeFi protocol to fall victim to a hack in 2022. In fact, hacks have become something of a commonplace occurrence in the world of decentralized finance, with a number of high-profile protocols being targeted in recent months.
Some notable examples include the MakerDAO hack, which resulted in the loss of over $7 million worth of ETH, and the bZx protocol (lender) hack, which resulted in the loss of over $55 million worth of BTC. Then there is the very recent LUNA-UST crash that impacted DeFi as a whole in some ways.
Despite the recent increase in hacks though, decentralized finance remains a promising area of the cryptocurrency space. This is because of developers’ ability to quickly make good the loss(es) that investors face and continue offering value against liquidity.
Furthermore, the ability to trade and invest without having to rely on centralized exchanges is a game-changing development, and it’s likely that we will see more people getting involved in DeFi as time goes on.
Wormhole DeFi remains an important player in the world of decentralized finance, and the Feb 2022 hack is a reminder of the risks associated with investing in DeFi protocols. Thanks to the team behind Wormhole DeFi, the protocol remains a strong option for those looking to get involved in decentralized finance.