The Solana Network Hack: What Happened and What’s Next
The cryptocurrency world depends heavily on people to develop the space themselves, especially when it comes to creating dapps on top of existing blockchains. One of these dapps, Wormhole Portal, which is used to move tokens off the Solana blockchain to other DeFi projects on the Ethereum platform, had a vulnerability caused by poor coding.
The vulnerability is a common programming error: it allowed multiple contracts nested inside one another to execute without verifying signatures, the check that establishes the integrity of the transaction. The hacker therefore only had to execute multiple transactions, and he was able to get away with over $251 million in Ethereum, $47 million in Solana, and more than $4 million in USDC, a popular stablecoin.
He did this by claiming 120,000 Wrapped Ethereum on the Solana side of the bridge. Rather than ensuring he actually had 120,000 Wrapped Ethereum, the Wormhole Portal allowed him to buy the three aforementioned cryptocurrencies on the other side of the bridge, even though he did not own a single Wrapped Ethereum.
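The missing check described above, shown as a simplified model. This is an added example, not Wormhole's code: the `Bridge` class, the validator names and keys, the quorum, and the use of HMAC in place of real asymmetric signatures are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed validator keys; HMAC stands in for real asymmetric signatures.
VALIDATOR_KEYS = {"v1": b"key-one", "v2": b"key-two", "v3": b"key-three"}
QUORUM = 2  # hypothetical number of valid signatures required to mint


def encode(claim):
    """Canonical bytes of a deposit claim, so every signer signs the same thing."""
    return json.dumps(claim, sort_keys=True, separators=(",", ":")).encode()


def sign(validator, claim):
    """Signature a validator would attach after seeing the deposit on the source chain."""
    return hmac.new(VALIDATOR_KEYS[validator], encode(claim), hashlib.sha256).hexdigest()


class Bridge:
    def __init__(self):
        self.balances = {}
        self.seen = set()  # claim ids already minted (replay protection)

    def mint_unchecked(self, claim, verified):
        """Flawed pattern: trusts a 'verified' result handed in from an earlier step."""
        if not verified:
            raise PermissionError("not verified")
        self._credit(claim)

    def mint_checked(self, claim, signatures):
        """Hardened pattern: re-verify signatures over this exact claim before minting."""
        valid = {
            v for v, sig in signatures.items()
            if v in VALIDATOR_KEYS and hmac.compare_digest(sig, sign(v, claim))
        }
        if len(valid) < QUORUM:
            raise PermissionError("insufficient valid signatures")
        if claim["id"] in self.seen:
            raise PermissionError("claim already processed")
        self.seen.add(claim["id"])
        self._credit(claim)

    def _credit(self, claim):
        self.balances[claim["to"]] = self.balances.get(claim["to"], 0) + claim["amount"]
```

The hardened path binds the signatures to the claim's contents, so changing the amount or recipient after signing invalidates them, and a claim id can be minted only once.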
Basically, this entire hack happened because the coders who worked on the project didn’t double-check or test their work properly. As sad as this is, it is unfortunately all too common in the cryptocurrency world. There is currently a shortage of coders in the world, and while all the excellent ones get jobs at Microsoft or Google, those who are less than stellar end up working for projects like Wormhole Portal and letting these types of errors get through.
While this will get better in the future as cryptocurrency becomes worth more money and is more widely used, it is a big problem in the present. A company like Wormhole Portal should have looked more closely at its code or paid for proper testing to avoid a hack like this.
What Does This Mean For Users?
Unfortunately, a system like Wormhole Portal is absolutely necessary for the cryptocurrency world to be able to move forward. Therefore, this hack probably will not put Solana or Wormhole Portal out of business, nor will it stop people from using bridges between blockchains.
What is suspicious, however, is the way the company has dealt with the hack. Following the loss of the funds, the Solana blockchain went down for maintenance. When it came back up, the Wormhole Portal creators, along with Solana, offered a $10 million reward for the returned funds. This is technically not legal; however, the US government rarely bothers itself with these types of hacks in the cryptocurrency world.
What is strange is that all of the stolen funds have already been replaced on the blockchain. So where did Wormhole and Solana get these replacement funds? Either the hacker returned them (unlikely), Solana simply created more of its coins to replace those that were stolen (could happen, but not likely), or the company put up some of its own funds to reimburse users.
This last option is the most likely, of course, but Solana and Wormhole have not disclosed where they got the replacement funds from, which is what makes their response a bit sketchy. After all, if it was on the up and up (that is, company funds), why not say so? There are many who think this vulnerability could in fact have been an inside job, which is sometimes the case in the cryptocurrency world. Either way, the aftermath of this particular hack has been a bit shady all around.