What The WormHole Hack Shows You About Bridges

avatar

Bitcoin despite having 2 major bugs in the past has never been hacked and continues to run into its second decade with a flawless record. It can achieve this by making trade-offs, keeping the code simple, not creating incompatible hard fork upgrades, and ensuring that everything built on top of it can be verified and settled on the base chain means there is a smaller room for error.

Bitcoin makes these trade-offs purposefully and bases the system on the reality of hardware and the limitations of what decentralization can achieve.

On the other hand, altcoins aren't restricted by wanting to be money, so they can try all sorts of weird things to try and attract people to their network. Ethereum has become a rube goldberg machine with patch after patch, and the amount of vulnerabilities and attack vectors grows each day.

When you don't consider the reality of technology and people and make assumptions you leave effectively leaving yourself open to anyone with the means and incentive to take money, will do it.

Second biggest crypto hack under the bridge

A piece of news I don't think got that much publicity is the latest hack of the wormhole bridge contract. This dumb contract allows users to transfer tokens between Ethereum and Solana blockchain.

As is the case with most smart contracts once the honey pot is big enough it's time to crack it open and the result was a loss of more than $320 million two weeks ago.

A report from blockchain cybersecurity firm CertiK confirms that the exploit of the contract allowed some lucky person to walk away with at least $251 million worth of Ethereum, nearly $47 million in Solana, and more than $4 million in USDC, a stable coin pegged to the price of the U.S. dollar.

Now, do we know if this was an outside or inside job? No clue, the way it's been covered and the walk around it makes me side with an inside job. But that's just me speculating.

wormholebridge.png

What is the wormhole

Since degen crypto holders do not operate exclusively within one blockchain ecosystem and are looking for yield or cheaper fees and ways to arb, these bridges have become popular.

The wormhole is a protocol that lets users move their tokens and NFTs between Solana and Ethereum. Bridges like Wormhole work by having two smart contracts — one on each chain. When an asset is locked into the contract on 1 chain, a representative version is created on another, but it doesn't mean the original is destroyed, it's kept within the smart contract or custodial service taking on the liability.

How come every time you come around, my crypto, crypto bridge wanna go down

The story goes that there was an exploit in the Solana side of the smart contract which allowed the hacker to continuously mint wrapped ETH on the chain resulting in a bunch of unbacked ETH.

So when you break a bridge you're effectively creating a double spend event in that asset and diluting everyone. It's less of a bridge and more of a connection between two pipes of flowing water with a balloon.

As the water streams in the balloon expand, sure it allows the water to flow between the two pipes, but the more water, the more fragile the connection, and it's primed to pop.

All blockchains are simple ledgers, they cannot extract data from outside their environment, and bridges like these are always going to be fundamentally broken implementations that will continue to provide a point of failure.

Jump Crypto bailout

The hacker was able to make off with the funds and when contacted to return the funds, for an offer of $10 million they refused. So why wasn't there cascading systemic losses from this hack?

Any rational person involved in the ETH bridge or Solana ecosystem would surely be worried as their wrapped ETH on Solana would trade at a discount. This could in theory break a lot of DEFI protocols and lending protocols that use the wrapped ETH as collateral.

The reason was Jump Crypto, one of the largest liquidity providers in Solana, who mint 90% of the chains USDT also manage Wormhole. So they have pretty serious exposure in the Solana ecosystem.

I imagine that doing the math, Jump Crypto realized that they would lose far more through the knock-on effects to the Solana ecosystem, and decided to make everyone holding funds in that contract whole.

Now, where they came up with the funds to do so is anyone's guess.

Shitcoiner tears are a delicacy

I am amazed at how people can write off these issues and carry on when it's so obvious that these shitcoin systems aren't built with any security measures. I guess gamblers never cared anyway.

Personally, I find it highly entertaining to watch!

May the losses continue until critical thinking improves.

Have your say

What do you good people of HIVE think?

So have at it my Jessies! If you don't have something to comment, "I am a Jessie."

Let's connect

If you liked this post, sprinkle it with an upvote or esteem and if you don't already, consider following me @chekohler and subscribe to my fanbase

Safely Store Your CryptoDeposit $100 & Earn $10Earn Interest On Crypto
ledger.jpgBlockfi.jpgcryptocom.jpg

celciusnetwork.jpg

Posted Using LeoFinance Beta



0
0
0.000
12 comments
avatar

Thanks for bringing the story to us. This emphasises that all new shiny bridges and alt coins are not gold. With the evolution of open source where anyone can create a copy of a code, update it and run another chain is actually leading to scams like this.
Very sad indeed and a warning sign to be very careful with your crypto.

0
0
0.000
avatar

I think it's evidence that these so-called cross-chain world isn't going to happen, it's just creating systemic risk, value will accrue to one chain and they'll have layers above them with the main chain as the final settlement layer

0
0
0.000
avatar

Hahaha wild stuff. Those shitcoin tears are a delicacy killed me

Posted Using LeoFinance Beta

0
0
0.000
avatar

lol they say you're meant to spit it out, but why would I do that? its sweet berry WINE!!!

0
0
0.000
avatar

i'm not knowledgeable enuff to judge, would just say that things are still in their infancy. not too pleased about bitcoin magazine bragging about funding canadian truckers as a symbol of success. freedom maximalism is another kind of authoritarianism, just under a different cloak... it's complicated. republicans here embracing btc, russians embracing btc,,, the world makes no sense, until you realize everyone's out for short-term gain. peace

0
0
0.000
avatar

It's proper rubbish, you're just setting yourself up for massive double spends and diluting your supply with all these coins and chains, I can't see how a multi-chain world makes sense, its just a VC narrative to try and get retail to buy their bags and pushing the diversification fallacy

I totally get you, I like to celebrate it but I always hold a sense of skepticism around everything, I think a little freedom maximalism pushback is needed for a rebalance, we've clearly had way too much authoritarianism in the last 2 years. No system can correct without an overcorrection I suppose

As for these new class of BTC shills like Russia and the red states, its cool but they don't give a shit about BTC, the Republicans want to use it as a way to stick it to the dems and the Russians want to avoid US sanctions.

Its got zero to do with bitcoin, its just the current climate and game theory suits their objectives, they all paper hands anwyway and ill pick up their sats when they cry when things dont go their way

0
0
0.000
avatar

yes, a big mess all over ... i guess i lean to diversity in all things, plurality , so it's hard for me to envision a world without multichains and cross chains ... everything is still early, i like the view that diff chains will evolve specializations in diff areas, sectors, pub vs priv, who knows, but eventually transitions b/n will be fairly seemless. the overall big struggle, once again, is if we can evolve to an ethos of collective action and integrity instead of one-vs-all of scarcity and conflict

0
0
0.000
avatar

I'm not convinced on multi-chains, sure I can see private chains and chains for games or things like that but that's just going back to equity investing with extra steps.

As for something that's going to be global money I can't see how multi-chains all in different codebases, different developers all of which cannot enforce rules on another don't fall apart completely. Everytime you add a connection with another chain you multiply the attack surface

Code is not law if it's not protected by multiple nodes, and since most chains code is run on centralised servers they can always be attacked from one or other end. There's a lot of overpromising going on in the "we've got better tech" space. I've yet to see anyone really deliver

0
0
0.000
avatar

In a way, it is hilarious how easy it seems for the hackers to get insane amounts of money out of these exploits.

I definitely agree with the statement that people seem to not care too much becasue they're gamblers. In the end, most coins are exactly that - a gamble. So if you lose in a rugpull, a massive sell-off or a hack attack.. It's still just a bad gamble, nothing else.

!1UP

0
0
0.000
avatar

I've taken that stance now, I am not going to be the one standing in front of the casino and tell people gambling is wrong, if they want to gamble be my guest. I just wont feel sorry for you

0
0
0.000
avatar
Don-1UP-Cheers-Cartel-250px.png

You have received a 1UP from @mezume!

The following @oneup-cartel family members will soon upvote your post:
@leo-curator, @ctp-curator, @neoxag-curator, @pal-curator, @pob-curator, @vyb-curator
And they will bring !PIZZA 🍕

Learn more about our delegation service to earn daily rewards. Join the family on Discord.

0
0
0.000