Wormhole digs out of its hole with new security measures to move on from $320M hack
Many projects and companies would simply give up if they’d been hacked and had hundreds of millions stolen from their ecosystem partners, but it appears Wormhole isn’t one of them.
Last year, an attacker exploited a vulnerability in the Wormhole liquidity bridge between the Ethereum and Solana blockchains and stole about 120,000 wrapped ether, worth about $223 million today. A bridge, like the name suggests, facilitates transactions between different chains.
Shortly after the hack, Jump Crypto tweeted it was replacing the massive chunk of ether stolen to “make community members whole” because it saw Wormhole as “essential infrastructure” for the future’s multi-chain world.
Almost a year-and-a-half later, the cross-chain crypto bridging and messaging protocol seems intent on learning from its mistakes and making a comeback.
Since the hack, the company has stepped up its security, launched two $2.5 million bug bounty programs, and had a handful of third-party firms do a number of audits to resolve critical issues. The company has paid out several bounties, and by the end of the year, plans to add three core contributing teams that will be “building in various capacities,” Dan Reecer, head of operations at Wormhole Foundation, told TechCrunch+.
The company has finalized four teams so far and will potentially add one more, Reecer added. These teams will focus on building messaging protocols, zero-knowledge technology, business development, front end tools, blockchain tools and more. “It’s skill-dependent and we’re bringing teams that have [these different] components,” he said.
Wormhole also became one of two bridging protocols chosen by the Uniswap DAO for its cross-chain messaging after a study found the bridge fulfilled the necessary security requirements, according to Uniswap’s Bridge Assessment report.
The approval stems from the number of validators, including “reputable entities,” as well as “significant improvements” in response to its exploit in February 2022, the report added. However, the report identified some areas for improvement and “recommends periodic monitoring for any material changes that may affect the protocol’s security profile.”
Summing all that up: While Wormhole has indeed stepped up and improved its security around the protocol, there are still risks and concerns for its validators in the way the protocol bridges transfer messages and tokens.
But why did it take an exploit for Wormhole to ramp up its security efforts?
Reecer said he couldn’t comment on why Wormhole didn’t implement these measures before, as he joined the team only a few months ago, but he did note that security is always going to be one of the biggest priorities for the company.
“Maybe people didn’t realize at the time [of the hack] how important this was,” he added.