Wormhole Hack: Future Big Attacks On Non-Ethereum Protocols Inevitable

By Hacken

The global blockchain community is shocked by the recent Wormhole hack. Malicious actors have stolen $320M in ETH. It’s just the first explosion: vulnerabilities in blockchain protocols will soon result in a series of mega hacks, with Solana at the greatest risk.

Wormhole is the bridge between Solana and other DeFi networks. The project’s team has already addressed the vulnerability, stating that users’ assets are safe. It is the biggest hack of 2022 and the second-biggest DeFi hack in history. The Wormhole team has restored all funds.

Hacken CEO Dyma Budorin commented on the hack: “The Wormhole incident is the first big hack of non-Ethereum protocols. It’s just a matter of time before other big protocols experience severe attacks”.

According to Dyma, security audits and pentests are the only tools to mitigate the risk of future attacks. 

The Hacken team has warned the global community numerous times of the security risks attributable to major non-Ethereum protocols, including Solana. Namely, we shared our security concerns during the recent Solana Breakpoint event that took place in November 2021. As we can see, not all projects have paid enough attention to security.

Dyma Budorin discussing the future of Solana (growth and risks) 

Hacken lead smart contracts auditor Evgeniy Bezuglyi agrees with the comment made by Dyma Budorin: “The Wormhole case is just the beginning of real bombing targeting non-Ethereum protocols. Although projects hold full responsibility for the security of assets at their disposal, Solana may also be blamed for providing the instrument with security flaws to its projects. Solana has not instructed projects on how to safely use it. Considering a high level of transparency in blockchain, by introducing the update, Solana demonstrated to the whole blockchain community the vulnerabilities of its instrument. It is unlikely that Solana actively communicates with the projects that use this instrument”.

Based on this comment, we can see that security is always a shared responsibility. But, without any doubt, Wormhole might have prevented the incident by auditing the instruments it used. 

Wormhole Hack: key lesson learned

You can find a detailed analysis of the Wormhole hack in this Twitter thread. We would like to focus your attention on one crucial point:

All accounts involved in the processing of a transaction need to be validated. Even when it seems that an account should be validated by some other party rather than by you, validate it yourself.

Validated system address used for a legit transaction (Source: Twitter thread)
Non-validated system address used for the fake deposit of 120 ETH  (Source: Twitter thread)
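
The lesson above, as an added example that is not Wormhole's or Solana's code: a simplified model in which the caller supplies every account, showing a check that trusts the supplied "system" account next to one that validates its address first. The `Account` type, `TRUSTED_SYSTEM_KEY` and the one-byte data layout are assumptions made for illustration.

```rust
// Simplified model (assumption): an account is an address plus data, and the
// caller of the program chooses which accounts are passed in.
pub struct Account {
    pub key: [u8; 32],
    pub data: Vec<u8>,
}

// Hypothetical address of the system account the program means to read.
pub const TRUSTED_SYSTEM_KEY: [u8; 32] = [7u8; 32];

#[derive(Debug, PartialEq)]
pub enum VerifyError {
    UntrustedAccount,
    CheckNotPassed,
}

// In this model, byte 0 of the system account's data is 1 when a required
// earlier check passed. The value is only meaningful in the genuine account.
fn check_passed(acct: &Account) -> bool {
    acct.data.first() == Some(&1)
}

// Unsafe: reads the flag from whatever account sits in the "system" slot.
pub fn verify_unchecked(system: &Account) -> Result<(), VerifyError> {
    if check_passed(system) { Ok(()) } else { Err(VerifyError::CheckNotPassed) }
}

// Hardened: validates the account's address before trusting any of its data.
pub fn verify_checked(system: &Account) -> Result<(), VerifyError> {
    if system.key != TRUSTED_SYSTEM_KEY {
        return Err(VerifyError::UntrustedAccount);
    }
    verify_unchecked(system)
}

// Constructed sample inputs.
pub fn genuine_account() -> Account {
    Account { key: TRUSTED_SYSTEM_KEY, data: vec![0] } // flag not set
}
pub fn lookalike_account() -> Account {
    Account { key: [9u8; 32], data: vec![1] } // caller-controlled data
}

fn main() {
    println!("unchecked, lookalike: {:?}", verify_unchecked(&lookalike_account()));
    println!("checked, lookalike:   {:?}", verify_checked(&lookalike_account()));
    println!("checked, genuine:     {:?}", verify_checked(&genuine_account()));
}
```

The unchecked path accepts the lookalike account because its data is caller-controlled; the hardened path rejects it on the address comparison before any data is read.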

The Wormhole hack is likely to be just a prelude to mega hacks on Solana. It’s not a horror story; it’s a call to action, a call to security.
