Wormhole Attack: Can DeFi Insurance be the Ultimate Solution?

By Uno Re (Uno.Reinsure)
6 min read · Feb 6, 2022

February 2, 2022, was a rainy day in the DeFi world. The attack on the Wormhole platform once again proved that smart contract bugs pose a big threat to the crypto ecosystem. DeFi insurance seems to be the best defence we have against such threats.

At this point, it is no secret that the Wormhole platform took a huge hit on Wednesday and got hacked for $325 million worth of ETH (around 120,000 wrapped ETH). The hacker exploited the bridge between the Ethereum and Solana blockchains and redirected ETH to their own wallet.

This attack became the second-largest exploit ever in the DeFi world in terms of the total amount stolen, placing it just under the $600 million Poly Network attack.

DeFi is no stranger to such hacks: excluding the Wormhole hack, a total of 75 DeFi exploits have occurred in the past two years, with lost funds amounting to approximately $1.7 billion at the time of these exploits.

While the majority of the stolen ETH still sits in the hacker’s wallet, let’s take a deeper look at the attack.

What really happened in the Wormhole hack?

After the initial shock, the mist surrounding the hack has cleared, revealing the aftermath and the chain of events that led to the attack.

Before going further into what happened, here is a quick summary:

The attacker exploited a smart contract bug on the Wormhole bridge. They created 120,000 wrapped Ethereum tokens (WETH) and then used these tokens to claim Ethereum. Shortly after the attack, the Wormhole team tried to negotiate with the hacker and offered a $10 million bug bounty in the hope of recovering the stolen funds. There has been no progress so far.

And below is an analysis discussing what might have happened:

Wormhole is a communication bridge between Solana and other decentralised finance networks.

The Wormhole bridge allows users to make transfers between the Ethereum and Solana blockchains.

When users bridge their ETH tokens from Ethereum to Solana, they lock their tokens on the ETH bridge and receive “wrapped Wormhole ETH tokens”. These Wormhole ETH tokens are minted when ETH is staked on the Ethereum bridge.

Wormhole consists of a bunch of validators, whose sole purpose is to check that the deposit takes place on Solana’s side for minting to take place on Ethereum.

Solana’s smart contracts verify that the signatures from the validators are correct, and they do so using the verify_signatures function (Line 132).

The fourth argument (Line 153) consists of a system function id. Keep this in mind; more details follow below.

The verify_signatures implementation is meant to confirm that the correct id argument is sent and not a fake one.

But as part of the verification process, the Solana program also uses a system variable (sysvar) helper function called load_instruction_at (Line 101).

However, as mentioned in Line 184, the deprecation note on load_instruction_at clearly says “Unsafe because the sysvar accounts address is not checked, please use ‘load_instruction_at_checked’ instead”.

load_instruction_at_checked performs the same job as load_instruction_at but actually checks that you sent the right argument into the function, ensuring nothing goes wrong.

However, the hacker had been tracking the protocol’s GitHub for a while and realised there was a vulnerability they could potentially exploit. And so, the following took place.

Initially, the hacker made a legit deposit of 0.1 ETH — the 4th argument being “Sysvar: Instructions” (as it should be).

But when they made the fraudulent transaction, as seen below, the 4th argument is not the same because the hacker sent in their own program — where they didn’t deposit anything but successfully minted 120,000 ETH. The deprecated load_instruction_at function was used for this transaction, and naturally, it did not check the signatures.
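
The difference between the two loaders described above, as an added example that is not Wormhole's or the Solana SDK's code: a simplified, dependency-free Rust model in which the `Pubkey` and `Account` types, the placeholder addresses and the rule that instruction 0 must be a signature check are all assumptions of the model. It shows that the unchecked loader accepts a look-alike account passed as the fourth argument, while the checked loader rejects it by address.

```rust
// Simplified model of the account check; these types are stand-ins, not the Solana SDK.
#[derive(Clone, Copy, Debug, PartialEq)]
struct Pubkey([u8; 4]);

// Constructed placeholder addresses for the model.
const INSTRUCTIONS_SYSVAR_ID: Pubkey = Pubkey(*b"SYSV");
const SIG_CHECK_PROGRAM_ID: Pubkey = Pubkey(*b"SIGS"); // hypothetical signature-check program

// An account handed to the program: its address plus the program ids of the
// instructions it claims the transaction contains.
struct Account { key: Pubkey, instructions: Vec<Pubkey> }

#[derive(Debug, PartialEq)]
enum VerifyError { WrongSysvarAccount, NoSuchInstruction, SignatureCheckMissing }

// Unchecked variant: reads whatever account the caller supplied.
fn load_instruction_at(index: usize, acct: &Account) -> Result<Pubkey, VerifyError> {
    acct.instructions.get(index).copied().ok_or(VerifyError::NoSuchInstruction)
}

// Checked variant: refuses any account that is not the real Instructions sysvar.
fn load_instruction_at_checked(index: usize, acct: &Account) -> Result<Pubkey, VerifyError> {
    if acct.key != INSTRUCTIONS_SYSVAR_ID {
        return Err(VerifyError::WrongSysvarAccount);
    }
    load_instruction_at(index, acct)
}

// Model assumption: verification passes when instruction 0 is the signature check.
fn verify_signatures(fourth_arg: &Account, checked: bool) -> Result<(), VerifyError> {
    let program = if checked {
        load_instruction_at_checked(0, fourth_arg)?
    } else {
        load_instruction_at(0, fourth_arg)?
    };
    if program != SIG_CHECK_PROGRAM_ID {
        return Err(VerifyError::SignatureCheckMissing);
    }
    Ok(())
}

fn genuine() -> Account { Account { key: INSTRUCTIONS_SYSVAR_ID, instructions: vec![SIG_CHECK_PROGRAM_ID] } }
// Constructed look-alike: same contents, but at an address the caller controls.
fn lookalike() -> Account { Account { key: Pubkey(*b"FAKE"), instructions: vec![SIG_CHECK_PROGRAM_ID] } }

fn main() {
    println!("unchecked, look-alike: {:?}", verify_signatures(&lookalike(), false));
    println!("checked, look-alike:   {:?}", verify_signatures(&lookalike(), true));
    println!("checked, genuine:      {:?}", verify_signatures(&genuine(), true));
}
```

When reviewing a program for this class of bug, the thing to look for is any account whose contents are trusted before its address has been compared against the expected one.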

Is the Wormhole attack one of the many to come?

Cross-chain bridges are prone to smart contract hacks. Bridge vulnerabilities put blockchains in danger as they put millions of dollars worth of coins in escrow wallets which are considered juicy targets by malicious actors.

The security problem of bridges is an important one. It was only a month ago that Vitalik Buterin, the co-founder of Ethereum, suggested “the future will be multi-chain, but it will not be cross-chain”, in part because there are “fundamental limits to the security of bridges that hop across multiple ‘zones of sovereignty’.”

So, more bridge hacks are expected in the following months as there is no way to create a bug-free bridge smart contract. But there is a way to stay protected against such hacks: DeFi insurance!

What could be the solution?

Uno Re, the world’s first decentralised insurance and reinsurance platform, dedicates itself to maintaining the security of the DeFi space to contribute to its growth. With that goal in mind, Uno Re has been conducting comprehensive research on smart contract vulnerabilities in bridge transactions and developed decentralized insurance solutions for individual users and bridge transactions as a whole.

We are well aware that the real victims of such malicious attacks are the users who invest their hard-earned money in DeFi platforms. Uno Re believes DeFi is a revolution that will change the understanding of finance at a fundamental level and aims to provide all its parties with the peace of mind they have been yearning for, the salvation of DeFi — insurance.

Sources:

Image Sources: Solana wormhole hack & why u should care — YouTube

Deprecation: https://github.com/solana-labs/solana/blob/7ba57e7a7c87fca96917a773ed944270178368c9/sdk/program/src/sysvar/instructions.rs#L180

Transaction Minting 120,000 Wormhole ETH on Solc: https://solscan.io/tx/2zCz2GgSoSS68eNJENWrYB48dMM1zmH8SZkgYneVDv2G4gRsVfwu5rNXtK5BKFxn7fSqX9BvrBc1rdPAeBEcD6Es

The hack transactions:

https://etherscan.io/tx/0x24c7d855a0a931561e412d809e2596c3fd861cc7385566fd1cb528f9e93e5f14

https://etherscan.io/tx/0x4d5201dd4a377f20e61fb8f42e6f929ec16bcec918f0584e39241d15b254a80f

https://etherscan.io/tx/0xd31b155e259a403ebe69831fae0ec2b4bd33dfa090c43b605a57d5c72c4fbbc7

The rest of the wrapped Wormhole ETH, which couldn’t be bridged, was then swapped to SOL and USDC on the Solana network:

https://solscan.io/tx/2SndtH3tU4j6v14HJzEde3d3dnpdHqTPn4VnvhTj4zKLo26H5kmtCwjn2nANfjXNVbmFsyEGtD4Jte25azsPwaRk

https://solscan.io/tx/5UaqPus91wvAzKNve6L8YAHsESomZQ7GWi37gPFyzTHcXNMZA641bb8m8txo7bS7A5cAnzKDKYyiKcQC8GgDcAuf

https://solscan.io/tx/3AugXqrXunBa96YfqENhPBiWZWpnSnJdqAHS64qcHTVU9KtfGon8cN9cUuXsDmBobBBXjYUtuRxnYxgERS42nh6G

https://solscan.io/tx/j3jUDG43di8Dsg7Q3jQhstamtBovu1GLqnDJ7yNvM3r4pnK9e7uqgt9uBobCjT5S1BKhZZFQNQwDxypEYqLknec

About Uno Re

Uno Re is the world’s first decentralised insurance and reinsurance platform, allowing the community to invest and trade in ‘risk’ and receive sizable returns on their investments in one of the safest asset classes in the world. The platform will break barriers to entry for the retail investor by doing away with the historic pre-requisite of absurdly high capital generally needed to invest into the market while also introducing much-needed transparency into the industry as a whole. Uno Re will also allow the community to propose innovative insurance products to the space, thus propelling a new generation of Insurtech companies powered by the Uno Re ecosystem.
