The second-largest DeFi hack of all time attacked the Wormhole project and left many sides shocked. How did it happen and what could it tell us?

The world of cryptocurrencies has expanded rather drastically since the release of Bitcoin back in 2009. Decentralized finance (DeFi) is one of the most influential innovations that takes the premise of cryptocurrency and expands the idea, creating an attractive alternative to Wall Street, but without all of the extra costs and difficulties.

Defi hacking incident

The main purpose of DeFi is to facilitate financial services on public blockchains and eliminate intermediaries that might slow down or complicate transactions. Long story short, it has the potential to create an open, fast, and fair financial market that is accessible to practically anyone around the world.

However, despite being seen as an easy and accessible platform to make transactions, DeFi is still not fully immune from hacks or other fraudulent activities. The most recent case is the major hack that attacked a well-known DeFi protocol called Wormhole in February 2022. The hackers managed to steal $320 million worth of cryptocurrencies, making it the second-largest known DeFi theft of all time following the Poly Network case where over $600 million was stolen from the project.


The Background of Wormhole

Wormhole is a popular blockchain bridge that links several public blockchains like Solana, Ethereum, Terra, BNB Smart Chain, Polygon, Avalanche, and Oasis. A blockchain bridge itself is essentially a combination of smart contracts that allow users to move assets like cryptocurrencies and NFTs across different blockchains. Many crypto holders own assets in several blockchains at the same time, so developers have created bridges to facilitate cross-chain transactions.

Typically, a user needs to use a web app to access the bridge. Before making a transaction, the user needs to first connect the wallet with the web app and input the necessary information. Once a transaction is confirmed on the origin blockchain, crypto assets will be released on the destination blockchain and automatically transferred to the user's wallet. For example, you could send some ETH and receive an equal amount of SOL in return.


The Heist that Left the DeFi World in Shock

On February 2nd, 2022, Wormhole made its first announcement indicating that there was a hack on its bridge. They said that the company's system was down temporarily and that its maintenance team was still looking for the "potential exploit".

Before the company stated any supporting comments, several crypto analysts had quickly noticed two suspicious transactions. It seemed that there had been an exploit of 120,000 wETH on the Solana blockchain. Two minutes later, around 10,000 ETH was bridged to the Ethereum blockchain, and twenty-two minutes after that, another 80,000 ETH transaction happened. It appeared that the hacker moved some of their assets to an Ethereum wallet.

Wormhole finally confirmed the hack a while later. The company stated in a tweet that some hackers had taken 120,000 of wrapped Ethereum tokens (wETH) with a value of roughly $320 million at that time (one ETH was worth $2,681). Wrapped Ethereum is basically the tradable version of the Ethereum currency.

But although wrapped Ether was the only crypto affected by the hack, Certik, a smart contract auditing firm, believed that Wormhole's bridge to the Terra blockchain could also be impacted like the Solana bridge.

A London-based blockchain analyst firm Elliptic argued that the Wormhole incident happened because the hackers were able to create a fake account on the platform and used it to mint their own Ethereum tokens. In most DeFi platforms like Wormhole, users are asked to create a guardian account, which is considered to be a more secure digital crypto wallet because it requires the user to go through a two-step authorization process. Elliptic said that the hack stemmed from the Wormhole's failure to validate those guardian accounts and thus, let the hacker minted 120,000 wETH out of thin air.


What Happened Next

The very next day after the hack, Wormhole stated on Twitter that all funds have been restored and that the ETH contract has been filled so that all wETH are backed 1:1. The company also assured everyone through their Telegram channel that the funds are safe and there's nothing to worry about anymore.

Wormhole didn't exactly state the source of the funding, but apparently it was from Jump Crypto, a crypto investment firm that is a part of the bigger firm Jump Trading. Last August, Jump Trading Group announced that it had bought Certus One which is one of the developers behind Wormhole. Through its official Twitter account, Jump Crypto announced it has decided to replace the 120,000 ETH because they believe in a multi-chain future and Wormhole is an essential infrastructure for that.

But even so, there still remains an unanswered question about the whereabouts of the stolen funds. On February 12th, Wormhole decided to launch a bug bounty program and offered a $10 million reward that includes smart contracts, web user interface, guardian notes, and Wormhole integrations in exchange for the stolen assets and the information on how the hackers managed to steal those assets. This makes it the current largest bug bounty program, on par with Maker DAO's program.


Safety Concerns with DeFi Platforms

The Wormhole incident marked the second-largest DeFi hack ever and the largest one yet in 2022. It came less than a year following the biggest hack of all time involving an estimated $600 million stolen from the Poly Network.

It is also worth mentioning that the DeFi platform Qubit Finance was hacked last January and lost $80 million worth of Binance coins. Another hack was also reported by in the same month. The hackers managed to break through the two-factor authentication system and withdraw $30 million worth of funds from 483 client accounts.

With that being said, what happened to Wormhole simply validates the public's concern about the level of security in DeFi projects. At a glance, DeFi projects are incredibly appealing because they are able to facilitate transactions without the intervention of any third party or intermediary. However, one needs to understand that such a system also removes the scrutiny of official regulators and law enforcement, making it more vulnerable to hacks.

When it comes to making transactions with DeFi projects, one should completely trust the platform to be not only transparent and unbiased, but also properly secured and well-protected. Currently, there are thousands of available DeFi projects to choose from, so it's highly necessary to be ive and only invest in the reliable ones. Keep in mind that around $2.2 billion has been stolen from DeFi protocols due to the vulnerabilities of the system in 2021, and an additional $10 billion was gone due to scams and frauds.


The Problem with Cross-chain Transactions

According to a blockchain expert and FinTech Professor at Rutgers Business School, Dr. Merav Ozair, the Wormhole hack happened on layer 2 (the "bridge"), not layer 1 (the underlying blockchain). She further stated that public blockchains like Solana and Ethereum are simply impossible to hack. Instead, hack cases typically occur on blockchain bridges because they operate on top of several blockchains, making them less secure and more vulnerable to cyber attacks and bug exploitations. You can think of it as a bridge connecting two different cities, so when the attack only happened on the bridge, it didn't damage any of the cities.

Moreover, Ozair believes that the solution is to create safer blockchain bridges with better protection systems to shield them from future attacks. She also stated that it is necessary to make improvements to the blockchain itself. The professor said that there is a need to create a mechanism that could inspect any applications before they are fully launched on the blockchain. Such a mechanism already exists in some centralized systems like Apple's apps.


Final Words

The Wormhole hack has shed some light on the vulnerability of cryptocurrencies, more specifically on DeFi platforms. While public blockchains are mostly secure, some DeFi projects are not that well-protected. This is not to say that DeFi projects are dangerous and full of scams, but it's important to know that they are more vulnerable to hacks and riskier.

The hack could simply be a sign for DeFi project developers of blockchain bridges to improve their security and regularly update their systems to avoid costly attacks like the Wormhole case. Criminals are always looking for new gaps and vulnerabilities that they could exploit, so it is the job of the company to constantly update their security protocols.

At the end of the day, we need to keep in mind that although it is growing in popularity, cryptocurrencies are still in development and largely unregulated everywhere. Therefore, you need to proceed really carefully and be ive with your investments. Apart from making sure that the project is legit, you also need to check on their safety measures and see their track record in this matter.