There was a ~$325mm hack of a blockchain bridge called Wormhole yesterday. Even if you aren't interested in crypto, there are interesting software development lessons to be learned from this one. Below: what a bridge is, how the hack happened, and some structural weaknesses of the ecosystem that need to be addressed.

A bridge allows you to move your tokens across chains. It's like being able to exchange dollar values for gift cards at two different stores.

First, you deposit your tokens in a wallet or contract on the source chain (let's say Ethereum). In the Wormhole case, a centralized service then watches those transactions and mints new "wrapped" tokens on the destination chain that are 1:1 with the sent token. When tokens are exchanged back, the "wrapped" tokens get destroyed.

Bridges are vulnerable to exploits on either side of the bridge. Exploits happen in all sorts of ways. In this case, there was an exploit in smart contract code on the destination blockchain. There are much more elaborate hacks, but this one was a simple oversight:

if (condition1 == condition2)

The above evaluates to true when condition1 and condition2 are both false. The author really meant:

if (condition1 && condition2)
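The same mistake in a toy mint guard, checked against the 1:1 backing rule described earlier. This is an added example, not Wormhole's code; `deposit_seen` and `sig_valid` are hypothetical stand-ins for condition1 and condition2, and the structs and amounts are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy bridge (constructed): tokens locked on the source chain and
 * wrapped tokens minted on the destination chain must stay 1:1. */
typedef struct { uint64_t locked, wrapped; } bridge_t;

/* Hypothetical stand-ins for condition1 and condition2. */
typedef struct { bool deposit_seen, sig_valid; uint64_t amount; } mint_req_t;
typedef bool (*guard_fn)(const mint_req_t *);

/* The guard as written: passes whenever the two conditions are equal. */
static bool guard_buggy(const mint_req_t *r) { return r->deposit_seen == r->sig_valid; }

/* The guard as intended: passes only when both conditions hold. */
static bool guard_fixed(const mint_req_t *r) { return r->deposit_seen && r->sig_valid; }

/* Mint wrapped tokens only if the guard accepts the request. */
static bool bridge_mint(bridge_t *b, const mint_req_t *r, guard_fn guard) {
    if (!guard(r)) return false;
    b->wrapped += r->amount;
    return true;
}

/* Invariant: every wrapped token is backed by a locked one. */
static bool bridge_backed(const bridge_t *b) { return b->wrapped <= b->locked; }

/* Try all four input combinations and count how many leave the bridge
 * holding wrapped tokens with no collateral behind them. */
static int count_unbacked_mints(guard_fn guard) {
    int bad = 0;
    for (int i = 0; i < 4; i++) {
        mint_req_t r = { (i & 1) != 0, (i & 2) != 0, 100 };
        /* Collateral exists only if the deposit really happened. */
        bridge_t b = { r.deposit_seen ? r.amount : 0, 0 };
        bridge_mint(&b, &r, guard);
        if (!bridge_backed(&b)) bad++;
    }
    return bad;
}

int main(void) {
    printf("buggy guard: %d unbacked case(s)\n", count_unbacked_mints(guard_buggy));
    printf("fixed guard: %d unbacked case(s)\n", count_unbacked_mints(guard_fixed));
    return 0;
}
```

With only two boolean inputs the guard can be tested exhaustively, and an invariant check over all four cases flags the both-false case that a happy-path test never exercises.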

There are much more elaborate hacks: a 51% attack where you control 51% of the nodes in a blockchain and can reverse transactions (send a transaction, get tokens on the new blockchain, reverse the original transaction).

Some thoughts on the inherent weaknesses of the system:

In the end, the lost $325mm was actually made whole by Wormhole. We don't know who the mysterious backer is and there aren't many institutions that can cover this loss this quickly. Maybe this is the cost of doing business?