The story behind Wormhole's $323M hack

Wormhole, a major blockchain “bridge,” suffered a massive hack last week. We’re taking a closer look at how it happened.  [Andriy Onufriyenko via Getty Images]

There’s never a dull moment on the blockchain. Here’s what you need to know this week:

Crypto started the week with a rally. Bitcoin crossed $44,000 on Monday after a strong weekend for the crypto market.

A DeFi network suffered a $323 million hack. The story of Wormhole Network and the second biggest DeFi exploit ever. 

The week in numbers. The price of an IRL house being sold as an NFT and other key figures to know this week.

MARKET UPDATE

Is this week’s crypto bounce the beginning of an upcycle, or just a momentary adjustment?

After months of cloudy forecasts, crypto prices finally rallied this week, with the total crypto market surging about 15% to $2 trillion. In the wake of positive headlines — including increased crypto adoption by individuals and institutions as well as signs pointing to potential near-term regulatory clarity — BTC and ETH climbed by 25% and 40% respectively from their January lows. But are we seeing a sustained uptrend or is this just a short-term adjustment? Let’s take a look at the bigger picture.

  • Governments around the world are clarifying their stances on cryptocurrencies via a wide range of policy initiatives — some supportive, some less so. Portugal, for instance, is pursuing 0% crypto taxes in an effort to bolster innovation in the space. The Indian government, which as recently as November was pursuing legislation outlawing crypto, is now considering a proposal that would legalize it with a 30% tax on crypto income. China, on the other hand, has broadly cracked down on the industry. Last summer, crypto prices tumbled after China banned Bitcoin mining, paving the way for the debut of their government-issued “digital yuan” at the Winter Olympics this week. 

  • In the U.S., congressional hearings are examining crypto policy this week. The bipartisan Senate Agriculture Committee is holding a hearing today, featuring CFTC Chair Rostin Behnam. Underlying this meeting is a fundamental crypto policy question: Should crypto be regulated as a security or a commodity? Commodities (like gold and oil) are regulated by the CFTC, while securities (like stocks and bonds) are regulated by the SEC. While the CFTC has said that BTC, ETH, and (most recently) USDT are commodities, SEC Chair Gary Gensler has said that many crypto assets are securities. Ultimately, more clarity is still needed about how digital assets are regulated.

  • A top Treasury Department official testified in front of the House Financial Services Committee, with the aim of creating “consistent” and “clear” rules for a stablecoin market that has grown into the hundreds of billions of dollars. And a bipartisan group of lawmakers has proposed a bill that would eliminate tax obligations for capital gains under $200 — potentially making it easier to use BTC for everyday purchases.

  • Meanwhile, tech firms and Wall Street continue to explore crypto — even as stock markets are reeling in the wake of Meta’s 25% plunge. On Tuesday, an ETF that invests in publicly traded Bitcoin mining companies was listed on the Nasdaq under the ticker “WGMI” (crypto slang for “we’re gonna make it”). In related news, “Big Four” accounting firm KPMG Canada announced that it has purchased both BTC and ETH for its treasury, Google’s CEO says the company is “definitely looking at blockchain,” and Disney appears to be hiring a business developer with “a passion” for NFTs.

Why it matters... Crypto adoption continues to surge — with a recent survey finding that one out of ten global internet users has purchased some cryptocurrency. But if you ask investors still on the sidelines why they have yet to participate, one of the primary concerns they cite is regulatory uncertainty. With a variety of hearings and pending legislation, and the White House’s forthcoming executive order about actions the United States government will take regarding digital assets, the smart money will be paying close attention.

CAN OF WORMS

The story behind last week’s $323 million crypto hack

Last week, the fourth largest crypto exploit ever drained $323 million from a blockchain bridge called Wormhole. (A blockchain bridge is exactly what it sounds like — it allows users to move crypto from one blockchain to another.) While the victims of the hack were refunded within hours by Wormhole owner Jump Crypto, plenty of questions remained. Like: Why was the hack possible? Who was responsible? And how did Jump Crypto have $323 million in cash on hand to fix things? Let’s dive in.

  • First, what’s Wormhole? Wormhole is one of the biggest blockchain bridges between the Ethereum and Solana networks, allowing users to move crypto and NFTs between the two chains. If a user wants to move 10 ETH from Ethereum to Solana, for example, they’d use Wormhole to lock their 10 ETH into a smart contract on the Ethereum network, and would then be able to mint an equivalent amount of “wrapped” ETH on the Solana network. 

  • The $323 million incident was the result of a software bug that allowed an unidentified hacker to mint 120,000 wrapped ETH on the Solana network without depositing the required collateral on Ethereum. Soon after recognizing the hack, Wormhole paused all token transfers on its bridges to begin patching the exploit, which took about 16 hours. By Thursday morning, Jump had replaced the stolen ETH, ensuring that no user funds were impacted. 

  • Some on Twitter wondered how Jump came up with all that money so fast. Jump Crypto is a division of a decades-old trading firm that has recently made a big push into crypto, building a crypto team of nearly 140 people. It’s not clear how it earns all of its revenue, but a major driver seems to be executing crypto transactions made by Robinhood users, a right it paid Robinhood $247 million for during the first nine months of last year.

  • The attack highlighted potential vulnerabilities of crypto bridges. Developing safe and secure smart contracts on a single blockchain is already difficult. Wormhole, which interacts with six chains (Avalanche, Oasis, Binance Smart Chain, Ethereum, Polygon, and Terra), is faced with an infinitely harder task, as indicated by the exploit. Security experts, like Dan Guido, CEO of the security firm Trail of Bits, call blockchain bridges “among the most difficult code to write” because of the complexity of coding for multiple chains.

Why it matters… More than $20 billion is locked in cross-chain bridges like Wormhole, and Ethereum co-founder Vitalik Buterin recently highlighted the security limitations that exist with such applications. In fact, Wormhole was the second bridge to be exploited in two weeks. DeFi is still a relatively new innovation, and while it offers vast benefits outside the world of traditional finance, it also comes with some heightened risks. Before using a protocol, ensure that its smart contracts are audited and that you’re following the best practices to keep your crypto secure. 
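
An added example, not part of the original newsletter and not Wormhole's code: a reconciliation check a bridge monitor could run over the lock-and-mint flow described above, flagging wrapped-token mints that have no matching collateral lock. The event fields (`transfer_id`, `asset`, `amount`) and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Event:
    transfer_id: str   # hypothetical identifier linking a mint to its lock
    asset: str         # underlying asset, e.g. "ETH"
    amount: Decimal


def reconcile(locks, mints):
    """Return (findings, shortfall): unbacked mints and per-asset collateral gap."""
    by_id = {l.transfer_id: l for l in locks}
    redeemed = set()
    findings = []
    for m in mints:
        lock = by_id.get(m.transfer_id)
        if lock is None:
            reason = "no matching lock on source chain"
        elif m.transfer_id in redeemed:
            reason = "lock already redeemed"
        elif m.asset != lock.asset or m.amount > lock.amount:
            reason = "asset or amount not covered by lock"
        else:
            reason = None
        if lock is not None:
            redeemed.add(m.transfer_id)
        if reason:
            findings.append((m.transfer_id, m.amount, reason))

    # Aggregate invariant: wrapped supply must never exceed locked collateral.
    balance = defaultdict(Decimal)
    for l in locks:
        balance[l.asset] += l.amount
    for m in mints:
        balance[m.asset] -= m.amount
    shortfall = {a: -b for a, b in balance.items() if b < 0}
    return findings, shortfall


# Constructed sample events (not real chain data); amounts follow the article.
LOCKS = [Event("t-001", "ETH", Decimal("10"))]
MINTS = [
    Event("t-001", "ETH", Decimal("10")),       # backed by the 10 ETH lock
    Event("t-002", "ETH", Decimal("120000")),   # no collateral was deposited
]
```
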

NUMBERS TO KNOW

$5 billion

Record amount of monthly venture capital funding that poured into roughly 200 crypto-tech startups in January. How’s February looking? Polygon — the Ethereum scaling solution with low fees and speedy transactions — just raised $450 million this week from Sequoia Capital India and 40 other VC firms.

$3.6 billion

Amount in BTC seized by the U.S. government, which alleges the funds were stolen in the 2016 hack of the crypto exchange Bitfinex — the largest-ever financial seizure by the Justice Department. Assistant Attorney General Kenneth A. Polite Jr. said, “Today, federal law enforcement demonstrates once again that we can follow money through the blockchain.”

1.7 million

Number of transactions per second that the U.S.’s central bank digital currency (CBDC) research initiative, Project Hamilton, is able to process. Helmed by The Federal Reserve Bank of Boston and MIT, the project is conducting technological research about CBDCs — a digital version of government-issued money — but “does not aim to create a usable CBDC for the United States.”

$650,000

Starting auction price of a Florida home being sold as an NFT — a first for a piece of real estate in the U.S. The NFT will include ownership rights to the 2,000-square-foot home and a custom mural by a local Florida artist. (NFTs, popularized by viral artwork, can authenticate ownership for a vast array of digital and physical goods.)

17

Number of crypto exchanges (including Coinbase) that founded the Crypto Market Integrity Coalition, a new group whose mission is to work with regulators to “promote public and regulatory confidence in the new asset class.”

TUNE IN

How NFT marketplaces use “vampire attacks” to compete for business

Vampire attacks? Staking? What is this, Bram Stoker’s Dracula? We kid, we kid — we’re here to explain crypto’s ever-expanding glossary. On this week’s episode of Around The Block, Justin Mart and Katherine Wu break down the spookily named strategy NFT market LooksRare used to attract collectors from industry leader OpenSea.

TOKEN TRIVIA

Which of the following is a taxable crypto transaction?

A. Converting BTC to ETH

B. Spending DOGE to buy a pizza

C. Selling ADA for cash

D. All of the above

Find the answer below.

Trivia Answer

D. All of the above