Bridging smart contracts once again showed they are among the riskier parts of a decentralized multi-chain ecosystem. This time, one of the most widely used bridges on the Solana network, Wormhole, got exploited for an estimated $300M in ETH losses.
The Wormhole bridge portal is currently under maintenance, freezing both deposits and withdrawals.
On the Ethereum side, all ETH available was withdrawn from the smart contract. Anyone that deposited ETH to use as Wrapped ETH on Solana now has no recourse to regain the coins. Solana only carries a handful of play to earn games, but multiple NFT collections, and for now it is uncertain which projects were affected the most.
Analysis Shows Problem Originated with Solana
Analysis of the attack showed the ability to take the real ETH from the bridge originated with Solana. The problem was in one of the “guardian” smart contracts that accepted faked information for the generation of 120,000 wrapped ETH on the Solana network.
To the smart contract, the tokens were real, so it approved the withdrawal on the Ethereum side.
At this point, even if more wrapped ETH is created, the Ethereum side of the contract will not have the funds to complete the transaction. However, the flaw with Solana should be repaired, else rendering Wormhole highly risky.
The flaw in Wormhole means bridging for play to earn games on Solana may stall for a while.
SOL Price Tanks After Hack News
SOL ended its recovery and crashed on crypto markets, losing 10% of its price. SOL sank to $98.12. The hack arrives just days after a handful of play to earn games announced their NFT sales on the Solana network.
Hacks against smart contracts remain one of the biggest risks for play to earn projects. Most games attempt to have a bridge to Ethereum to tap a wider market of potential players. Despite warnings from Ethereum’s founder Vitalik Buterin, most projects choose to work with some dose of risk to speed up the adoption of play to earn games.