Wormhole is a cross-chain bridge protocol that supports multi-chain information transfer. It currently supports asset cross-chain and communication between 22 blockchains including Ethereum, Solana, and Arbitrum.
Portal Bridge is a cross-chain bridge for the Wormhole protocol, supporting both token and NFT cross-chains. The asset cross-chain method it uses is [locking + casting]. Therefore, during the asset transfer process, the participation of packaging assets is required.
In terms of cross-chain communication, Portal uses the [unilateral verification] scheme. Transaction information is observed and verified by a group of verification nodes (the Guardian Network). These nodes include well-known third-party infrastructure institutions such as Certus One, ChainodeTech, and Figment. After passing the verification, the transaction information will be updated to the target chain, thereby realizing cross-chain information transfer.
The specific process of Portal Bridge asset cross-chain is as follows:
Wormhole As a representative cross-chain bridge using the [locking + casting] cross-chain solution, it has suffered serious security attacks.
On February 2, 2022, Wormhole was hacked, resulting in a loss of 120,000 wETH (approximately $320 million). This attack ranked second among all cross-chain bridge attacks that occurred in 2022 and was the largest DeFi hack to occur at that time.
Hackers exploited a vulnerability in the Wormhole code and freely minted 120,000 wETH on Solana. wETH itself is pegged to ETH 1:1, but the wETH minted by hackers does not have any equivalent ETH peg, which is equivalent to the issuance of an additional 120,000 wETH. This has had a huge impact on the price balance of wETH. At the same time, the hacker transferred 93,750 wETH back to Ethereum via a cross-chain bridge and exchanged the remaining wETH for SOL and USDC on Solana. The Wormhole team later contacted the hacker and offered a $10 million bounty in the hope of returning the stolen funds, but to no avail.
After the incident, Wormhole’s parent company, Jump Trading, stepped in and replaced the stolen funds, helping Wormhole resolve the crisis and resume operations. Following this major blow, Wormhole launched a $10 million bug bounty program on ImmuneFi to strengthen its protocol security.