This is a story about how a simple software bug allowed the fourth-biggest cryptocurrency theft ever.
Hackers stole more than $323 million in cryptocurrency by exploiting a vulnerability in Wormhole, a Web-based service that allows inter-blockchain transactions. Wormhole lets people move digital coins tied to one blockchain over to a different blockchain; such blockchain bridges are particularly useful for decentralized finance (DeFi) services that operate on two or more chains, often with vastly different protocols, rules, and processes.
A guardian with no teeth
Bridges use wrapped tokens , which lock tokens in one blockchain into a smart contract. After a decentralized cross-chain oracle called a “guardian” certifies that the coins have been properly locked on one chain, the bridge mints or releases tokens of the same value on the other chain. Wormhole bridges the Solana blockchain with other blockchains, including those with regard to Avalanche, Oasis, Binance Smart Chain, Ethereum, Polygon, and Terra.