Someone stole $250m from Wormhole - here’s what you need to know.
“...it's always safer to hold Ethereum-native assets on Ethereum or Solana-native assets on Solana than it is to hold Ethereum-native assets on Solana or Solana-native assets on Ethereum.” - Vitalik, 5 January 2022
Wormhole lets you transfer value and information across blockchains.
The protocol allows you to transfer value from a chain like Ethereum to Solana and vice versa. It started in 2020 as a partnership between Solana and Certus One. If you launched on Ethereum but want to move to Solana, Wormhole can help facilitate this move.
Breaking down the $250m loot
- A flaw on the Solana side allowed the hacker to mint 120k worth of wEth.
- wEth is wrapped Ethereum. It helps bridge Ethereum to Solana on wormhole.
- The attacker sold 80k on Ethereum and the remaining 40k on Solana.
What happens now?
Wormhole and Certus One have offered a bug bounty. If the attacker returns the loot, they get $10 million and the ability to walk away without charges.
There are serious implications for folks holding Ethereum on Solana. ETH wrapped by Wormhole (wEth) accounts for 19% of the total ETH on Solana. This has zero value following this scam. Wormhole has promised to replenish the Eth, but it's unclear where they'll source this from.
To close
This is a horrible situation for anyone holding Ethereum on Solana, and we hope they can some reprieve. Let’s hope they aren’t left dry. Until then, stay safe and on your chain.