Security firm CertiK said it had detected and prevented a flaw in the Wormhole interchain bridge that could have caused $5 million worth of damage.
In a social media post, CertiK reported that its research team found a critical flaw in Wormhole: improper application of public and input modifiers, which exposed the blockchain to potential multimillion-dollar exploits.
In a short explainer video, CertiK describes how it detected the glitch in the network. The company said this case study not only underscores the critical role of proactive security practices, but also celebrates the power of open source software in raising security standards and transparency across the Web3 world.
Wormhole handles the transfer of tokens and data between different blockchain networks. The project was spun off by Jump Trading Group and is one of the most popular bridges connecting the Ethereum and Solana blockchains.
Wormhole experienced the largest DeFi attack in 2022
Wormhole lost an estimated $321 million in 2022 as a result of the exploit. Hackers broke into the Wormhole Bridge, resulting in the loss of 120,000 wETH from the platform, equivalent to $321 million. It was the largest DeFi attack in 2022 and the hacker converted wETH tokens into Ethereum, SOL, USDC, APE, SX, etc.
An investigation by pseudonymous researcher Planda, detailed in an April 4 X post, revealed that the Wormhole team had neglected to exclude several wallet addresses linked to the exploit that pulled $321 million from the interchain bridge.
Chainalysis said that to understand why the 2022 attack was more serious than the average hack, it is necessary to know how interchain bridges work.
“Users interact with inter-chain bridges by sending resources from one asset to the bridge protocol, where those resources are then blocked in the contract. The user then receives equivalent resources from parallel assets in the chain to which the protocol connects. In the case of Wormhole, users typically send Ether (ETH) to the protocol, where it is held as collateral, and receive WeETH on the Solana platform, secured by this method and locked into the Wormhole contract on Ethereum.” – Chainalysis: Lessons from the Wormhole Exploitation.
In April 2024, losses from hacking and fraud were the lowest in recent years, with CertiK reporting losses of about $25.7 million from exploits, hacks and fraud.
This marks the lowest level of recorded hacking attacks since CertiK began monitoring such incidents in 2021, along with a decline in flash loan attacks and private key compromises.