Blockchains by their nature are very secure and transparent. The problems arise with the applications that are built on top of various blockchains which include bridges. That’s what happened this week with the theft of $320 million of ether. Solana or Ethereum were not actually hacked , it was the bridge between the two called wormhole.
The second-largest decentralized finance (DeFi) hack occurred this week in an attack that swiped $320 million (€279 million), or 120,000 Ether, highlighting the growing trend of attacks on cryptocurrency platforms and concerns over security.
Wormhole, one of the most popular bridges which links the Ethereum and Solana blockchains, was hacked on Wednesday.
Solana felt the full effect of the heist and shed about 10 per cent off its price.
It is not the first time such a heist has happened. Just last week, hackers made off with $80 million (€70 million) from DeFi protocol Qubit Finance.
The biggest hack took place last August when $600 million (€525 million) worth of tokens was stolen from the Poly Network platform. But in a strange twist, the attacker then returned nearly all of the money as their aim was to expose the flaws in the system.
Such hacks are posing questions around the security of DeFi, an emerging financial technology that has programmable pieces of code known as smart contracts that can replace middlemen like banks and lawyers in transactions.
What is a bridge?
A bridge is a protocol that allows users to “bridge” or move assets such as cryptocurrencies, tokens and NFTs across different blockchains. It works by locking a transaction.
Crypto holders do not usually operate within just one blockchain ecosystem and so developers have created bridges to fill this void.
Wormhole has more than $1 billion (€875 billion) in total value locked and supports six blockchains: Terra, Solana, Ethereum, Binance Smart Chain, Avalanche and Polygon.
How did the hack happen?
According to Dr Merav Ozair, a leading blockchain expert and a FinTech Professor at Rutgers Business School in Washington, the hack happened on the “bridge,” which is Layer 2, not Layer 1.
Layer 1 is the term that’s used to describe the underlying main blockchain architecture (ie, a blockchain, such as Ethereum or Solana, Avalanche or Algorand). She said layer 1 is almost impossible to hack.
But Ozair explained that Layer 2, the overlaying network that lies on top of the underlying blockchain (such as the Wormhole bridge), is less secure and therefore more vulnerable to code bug exploitations.
“Ethereum and Solana have not been ‘hacked,’ the bridge has been. The analogous is that – if you have a bridge between 2 cities, the ‘attack’ occurred on the bridge between the cities, but each city has not been ‘attacked’ or damaged,” she told Euronews Next.
“Therefore, the solution should be in creating more secure blockchain bridges, shielding any potential ‘attacks’”.
Does blockchain need to become more secure?
Blockchain is a software that like others may be susceptible to erroneous code, known as bugs, which can be exploited, as we saw with Wormhole.
Ozair said that because of this she has been advocating that there should be a mechanism that audits any applications before they are fully launched. This mechanism already exists in centralized systems such as in Apple’s apps.
“The blockchain ecosystem, if it wishes to scale and become mainstream, must fathom how an audit mechanism can be implemented in decentralized applications or platforms,” she said.
“This can be done and requires much thought and collaboration of the members in this ecosystem”.
via this site euronews.com