Solana’s SOL Tumbles 10% After $326M Wormhole Exploit

Prices of Solana’s SOL token dipped below the $100 mark after attackers took advantage of an exploit on Wormhole, a popular bridge between the Solana and Ethereum networks. Bridges are tools that transfer native assets and data between two separate blockchains.

SOL fell 10% in the past 24 hours, trading at the $98 mark during Asian afternoon hours, down from the $110 level during U.S. evening on Wednesday.

Charts show that prices of SOL briefly fell below the $98 resistance level before traders pushed prices up to the $99 mark during early Asian hours. Prices fell to as low as $97.32 before gaining 40 cents at the time of writing.

Nearly $13 million worth of liquidations occurred on futures tracking SOL, according to data from analytics tool Coinglass. Over $5.6 million of these occurred on crypto exchange Binance, followed by $4.26 million on FTX. Liquidations occur when a trader has insufficient funds to keep a leveraged trade open.

The price drop came after Wormhole was exploited on Wednesday night. Wormhole confirmed the exploit in a tweet during early Asian hours on Thursday. Wormhole also said that it will add ether over the next hours to ensure wrapped ether (wETH)– a representation of ether on Solana – was backed on a 1:1 basis with ether to prevent malfunctioning of decentralized finance (DeFi) applications.

DeFi applications use smart contracts to provide financial services, such as trading, lending, and borrowing, to users. Concerns loomed among traders and developers after the exploit. “If nobody backs it and the coins are truly gone then Wormhole ETH is worth 0,” George Harrap, founder of Solana DeFi platform Step Finance, said in an interview with CoinDesk. “Everyone who has a balance of it becomes worthless, DeFi protocols, users, everyone.”

Attackers stole over 120,000 wETH by tricking a series of smart contracts on Solana to digitally ‘sign’ on an illicit transaction, as reported.

“The attacker could effectively lie about the fact that the signature check program was executed. The signatures weren’t being checked at all,” explained Ethereum developer Kelvin Fichter in a tweet. Signature checks are an automatic step used by Wormhole to verify transactions between networks.

After that point, it was game over. The attacker made it look like the guardians had signed off on a 120k deposit into Wormhole on Solana, even though they hadn’t. All the attacker needed to do now was to make their “play” money real by withdrawing it back to Ethereum.

— smartcontracts (@kelvinfichter) February 3, 2022

Sentiment among industry observers on Twitter remained mixed. “This bridge that Solana (sic) hyped as ‘secure, trustless’ a few months ago just got hacked for 80,000 ether,” tweeted Evan Van Ness, founder of crypto fund Starbloom Ventures.

Adam Cochran, the founder of crypto fund Cinneamhain Ventures, said that blockchain bridges should have inbuilt security mechanisms to control the loss of funds in case of an exploit.

“Feels like bridges should have some sort of second contract that acts like a timelock cold storage,” he tweeted. “Set capital control limits on how much outflow can happen max and has governance voting for a freeze.”