Lessons from a $300M Hack
Dear Bankless Nation,
Earlier this week, Solana’s Wormhole bridge was compromised for a total of 120k ETH.
With a dollar value exceeding $300 million, the Wormhole hack is the second largest smart contract hack in history, trailing only the $600M Poly Network hack of 2021.
Both of these attacks targeted cross-chain bridges.
It’s now a pattern: Bridges are high-value targets for attackers, meaning that bridge security is more important than ever.
So we’ve reached out to the Optimism team to help us reason about the lessons we’ve learned from this last week.
Shout out to Kelvin and the Optimism team for their help with this!
Lesson 1: Simplicity is security
Use simple bridges!
Complicated code is a red flag for bridges. Every additional line of code is an additional security risk to the bridge.
Core bridge logic should contain only the bare minimum logic required to make the bridge work—any additional code compounds the risk.
Lesson 2: Rollup bridges are better
Cross-chain bridges have more moving parts than rollup bridges.
While this particular exploit did not hinge on the difference between cross-chain and L2 bridges, it did prompt a conversation about the risk surface area of cross-chain bridges.
Measuring security is hard, so people generally defer to the Lindy effect as a proxy.
The problem with cross-chain bridges is that their extra complexity limits their ability to generate Lindy.
Every additional risk vector weakens the role that time plays in our ability to assess security.
Bridges with minimized lines and minimized external dependencies achieve maximum Lindy.
Lesson 3: We cannot rely on bailouts
Solana’s ecosystem is extremely lucky that Jump Capital was able and willing to bail out $300m of missing ETH. It’s fantastic that people are being made whole, and no material damage is happening to the Solana ecosystem.
And yet…
It’s dangerous to set a precedent that big bridge hacks will be covered by the nearest VC. One day, there will be billions of dollars in bridges. One day, bridges will be far more decentralized and there won’t be anyone to foot the bill.
One day, the bailout won’t come.
Lesson 4: Incentivize Whitehats
Our bridge builders should recruit white hat hackers.
🧠 A Whitehat hacker is an ethical security hacker.
Run a bug bounty
Every bridge project should be running a bug bounty program. Modern crypto bounty programs typically offer maximum payouts of $1-2M.
Payouts this big might sound like a lot, but they’ll be paying much more if their bridge gets hacked (Wormhole offered the attacker a retroactive bounty of $10M).
Make your code accessible
If your bridge builders make it difficult to review and digest code, then Whitehat hackers are much less likely to put in the work to do so. Blackhats are significantly more motivated to shovel through piles of spaghetti code than whitehats will ever be.
This is why published and verified code is so important to the ecosystem—the more eyes, the better.
Lesson 5: There’s going to be more
Whether you believe we’re going to a Cross-L1 or a multi-L2 world, we will live in a world of bridges.
Bridges are honeypots. If they can be exploited, they will be exploited. While the $300M Wormhole hack is terrible, at least it started the conversation around bridge security and tradeoffs.
Hopefully, these lessons serve you well after a crazy week.
Have a great weekend.
- David