120 Thousand ETH Were Stolen in Wormhole Cyberattack, Vitalik Buterin Criticized Cross-chain Solutions.
Wednesday afternoon has the cryptocurrency community witnessed another devastating crypto burglary — Wormhole, a major cross-chain bridge between Ethereum and Solana, suffered from a serious cyberattack and it’s estimated that least 320 million USD was lost due to the attack. This is, until now, the second largest loss caused by cyberattack in DeFi realm, and the largest in Solana history.
A Wormhole moderator named d231d claims in their Telegram group that: “As far as we can tell now, only wETH has been affected, no other tokens”
Etherscan data shows the attack was carried out in three transactions around 2pm EST on Wednesday, no clues how the hackers exploited the network.
01 — what’s cross-chain bridge?
Cross-chain bridge is a tool that enable interbridege connection. It allows tokens and assets to be transferred from one chain to another even if the two chains have different protocols and rules of governance. The bridge offers inter-communication, compatibility and supposingly secure operation.
What comes after the development of public blockchains such as Polkadot, COSMOS, Solana, Avalanche and Fantom, was the hyping of cross-chain feature. Many public blockchains have already launched their cross-chain products.
Avalanche has official AVAX bridge; Polygon has official Polygon bridge; Celo has Optics bridge; Klaytn has Orbit bridge, Arbitrum official bridge etc. Not to mention that Polkadot and COSMOS are positioning each other as a heterogeneous network that supports cross-chain interaction.
Wormhole is the very first bridge that supports Solana and five other blockchains: Terra, Ethereum, BSC, Avalanche and Polygon. It has its pride — a TVL of over 1 billion USD.
02 — how cross-chain bridges turned into a new breakthrough?
2021 was a booming year for crypto industry, we’ve seen the surge of many public blockchains including Solana, Avalanche, Fantom. The wealth-making effect of emerging ecology is on the rise, followed by an increasing demand for cross-chain support. Currently for regular users, there are two main methods to transfer their assets from one blockchain to another.
The first method involves transferring tokens to target blockchain using centralized service providers such as centralized crypto exchanges. However, one limitation is that mainstream CEX only support a limited number of networks to transfer stable coins to (mainly Ethereum, Tron, BSC, Solana), they are unable to cover all ecosystems comprehensively. Another con is that if the underlying token of the public chain is used as a medium, then it means there will be multiple times of conversions, therefore shrinking users’ assets.
Cross-chain bridges are the second method, and many public blockchains emphasize on their importance. There are official bridges, created by the underlying developers of the corresponding blockchains, namely Avalanche Bridge, Optimism Gateway etc. And “third party bridges” such as Anyswap, cBridge. Compared to centralized service providers, bridges features stronger coverage, and more flexibility, therefore bridges are the trending method provide cross-chain support.
As the major medium for cross-chain liquidation, bridges are bound to rise in value as the cross-chain communication becomes increasingly often. Bridges are perhaps the most foreseeable yet promising opportunity at the moment, naturally embraced by various blockchains to oppose to Ethereum’s dominance.
03 — vulnerable to compromise, Vitalik Buterin’s pessimism towards cross-chain bridges
In fact, cross-chain assets burglaries aren’t rare incidents. According to PeckShield statistics, a number of 19 DeFi security breaches were reported in Q3 2021. Among which, cross-chain related protocols were attacked 6 times, including Poly Network, ChainSwap, AnySwap, THORCchain etc. Even if we exclude the devastating Poly Network breach, the asset lost is still as high as 32.8 million USD, much higher than that of other categories.
Among which, cyberattack on Poly Network caused more than 610 million USD worth of assets to be stolen on BSC, Ethereum and Polygon, making it the most serious DeFi security breach in the history.
On January 31st 2022, Ethereum cofounder Vitalik Buterin made clear of his concerns on possible cross-chain asset exploits: “suppose that you have 100 ETH on Ethereum, and Ethereum gets 51% attacked, so some transactions get censored and/or reverted. No matter what happens, you still have your 100 ETH (…) Now, imaging what happens if you move 100 ETH onto a bridge on Solana to get 100 Solana-WETH, and then Ethereum gets 51% attacked. The attacker deposited a bunch of their own ETH into Solana-WETH and then reverted that transaction on the Ethereum side as soon as the Solana side confirmed it. The Solana-WETH contract is now no longer fully backed, and perhaps your 100 Solana-WETH is now only worth 60 ETH. Even if there’s a perfect ZK-SNARK-based bridge that fully validates consensus, it’s still vulnerable to theft through 51% attacks like this.”
It’s pretty obvious that Vitalik isn’t bridge fan, as things turn risky in the gap between “zones of sovereignty”. This trade-off in security comes as the attack towards asset increases, making it move across more and more chains and decentralized applications with different security principles. On the other hand, bridges kind of oppose to the decentralization principal of blockchain — they make users rely on bridge service providers rather than the decentralized security of underlying blockchain network.
There are two main risks of the current cross-chain solutions. First, they increase the number of attack for crypto assets, exacerbating the risk of cross-chain contagion. Second, the transferred assets are pooled through various external validator networks that may no longer remain decentralized and trustless, increasing the risk of these same attacks. It can be said that projects that provide cross-chain solutions on the market are still immature.
— — — — — — — — — — — — — — — — — — — — — — — — — — — —
About LuckyHash
LuckyHash is the world’s leading one-stop crypto asset management platform. It provides no-pledge mining hashrate leasing and cryptocurrency interest generating plans.
Website | Twitter | Facebook | Telegram | LinkedIn | Reddit | YouTube
LuckyHash has just launched a thrilling new function called “Lucky Ticket”, with which you can easily 100x your cryptos. It’s like a virtual slot machine but you can stack winning chance by buying more Tickets. Also LuckyHash is providing Lucky Ticket event (January 26th — February 6th) that allows you to win 50 USDT by simply inviting friends. Event detail goes here.
Drop a free to clap and follow us if you like our article.
Create a LuckyHash account under this link to receive a 10 TRX
