What is Wormhole

Wormhole is a cross-chain protocol that supports multi-chain message transmission. It currently supports cross-chain asset transfers and communication between 22 blockchains, including Ethereum, Solana, and Arbitrum.

Portal Bridge

Portal Bridge is the cross-chain bridge of the Wormhole protocol, supporting cross-chain transfers of both tokens and NFTs. It uses the [Lock + Mint] approach for asset transfers, which requires the participation of wrapped assets during the transfer.

In terms of cross-chain communication, Portal uses the [Single-Party Verification] scheme. The transaction information is observed and verified by a group of validation nodes (guardian network), including well-known third-party infrastructure institutions such as Certus One, ChainodeTech, and Figment. After the validation succeeds, the transaction information is updated to the target chain to achieve cross-chain information transmission.

The detailed process of Portal Bridge's cross-chain asset transfers is as follows:

Security Incident

As a representative cross-chain bridge using the [Lock + Mint] approach, Wormhole has suffered serious security attacks.

On February 2, 2022, Wormhole was hacked, resulting in a loss of 120,000 wETH (approximately $320 million). This attack ranked second among all cross-chain bridge attacks in 2022 and was the largest DeFi hack at the time.

The hacker exploited vulnerabilities in the Wormhole code and freely minted 120,000 wETH on Solana. While wETH itself is pegged 1:1 with ETH, the wETH minted by the hacker had no equivalent ETH pegged to it. It increases the supply of wETH by 120,000. This had a significant impact on the price equilibrium of wETH. Additionally, the hacker transferred 93,750 wETH back to Ethereum via the cross-chain bridge and exchanged the remaining wETH for SOL and USDC on Solana. The Wormhole team later contacted the hacker and offered a $10 million bounty to return the stolen funds, but to no avail.

After the incident, Wormhole's parent company, Jump Trading, intervened and repaid the stolen funds, helping Wormhole resolve the crisis and resume operations. Following this significant blow, Wormhole launched a $10 million vulnerability bounty program on ImmuneFi to strengthen its protocol security.