Jump Crypto mitigates devastating impact of Wormhole hack
08:11, 4 February 2022
Popular blockchain bridge Wormhole, which connects ethereum, solana and other cryptocurrencies, secured a $320m (£236m) bailout from the crypto arm of US-based trading platform Jump Trading hours after hackers stole wETH tokens worth the same amount from blockchain bridge.
Jump Crypto, the cryptocurrency arm of Jump Trading, said in a tweet that it believes “in a multichain future” and that Wormhole is “essential infrastructure”. It confirmed in the tweet that it had replaced the stolen cryptocurrency in the form of 120,000 ETH to make sure Wormhole “continues to develop”.
Only hours before Jump Crypto’s support, Wormhole had said in a tweet that hackers had stolen 120,000 wETH or wrapped ETH. The blockchain bridge had said that it was working to restore the funds via ETH. Just before confirming the replacement of the ETH from Jump Crypto, Wormhole also said that the vulnerability that the hackers exploited had been patched.
Devastating consequences averted
According to London-based cryptocurrency analysis firm Elliptic, the exploit resulted from Wormhole’s “failure to validate ‘guardian’ accounts” that allowed hackers to “mint” 120,000 ETH out of thin air.
Elliptic also said that Wormhole had offered the hackers a $10m bounty to return the funds.
The attack could have been devastating for Solana, according to Chainalysis, a cryptocurrency research firm. “Yesterday’s hack meant that $320m of wETH on the Solana blockchain was unbacked for a period of time. If the wETH wasn’t backed up with Ether, it would mean that a number of Solana-based platforms that accept wETH as collateral would become insolvent,” the firm said in a note.
DeFi attacks increasing
“We could have seen users rush to sell their wETH, causing its value to crash, which would have serious implications for the Solana blockchain and extensive DeFi ecosystems built on top of it, as many of these protocols rely on wETH to back assets issued to users. And in fact, we did see a 13.5% dip in Solana’s price last night, which many attribute to concerns around the hack,” the note added.
The attack on Wormhole is the latest in an ever-growing spate of hacking attacks on decentralised finance (DeFi) platforms. Data from Elliptic showed that DeFi platforms have lost more than $2bn in direct losses from hacks and exploits.
According to Chainalysis, the last major attack on a DeFi platform was as recent as August 2021 in which hackers stole $610m from the Poly Network. In that case, however, hackers returned almost the entire funds that were stolen.
Rigorous code audits needed
Chainalysis says that the attack on Wormhole shows the hacker sophistication that smart contract developers need to defend against.
The firm suggests rigorous code audits to become the gold standard, both for building protocols and investors evaluating them. “Over time, the strongest, safest smart contracts can serve as templates for developers to build from, such as those offered by the Open Zeppelin Project,” Chainalysis added.
