Max E.Thu, Feb 3, 2022 6:12 PM
Wormhole Lost $325 million Due To A Hacker Attack
On February 3, it became known about the hacking of the Wormhole cross-chain protocol.
Wormhole provides tools to move assets and information across major blockchains. With it, users can lock an asset on one blockchain to get it reflected on another. In this case, we are talking about a “wrapped” version of Ether (wETH) released on the Solana blockchain.
Experts from CertiK cybersecurity company explained that Wormhole smart contracts did not perform full validation of the input data, which allowed transactions to be initiated with incorrect variables.
Paradigm security analyst samczsun confirmed that the vulnerability is related to the verification of input data by the cross-chain bridge protocol. According to the analyst, the exploit made it possible to completely bypass signature verification.
Thanks to this vulnerability, hackers were able to issue WETH to their address, and then withdrew 120,000 WETH from the project pool (about $325 million at the exchange rate at the time of writing). Most of the wETH tokens issued in this way were exchanged for ETH on the main Ethereum network via a bridge.
The developers reported that they closed the vulnerability and sent “additional ETH” to the pool to provide liquidity support. During the investigation of the incident, the team closed access to the service.
The project team contacted the attackers and offered to return the stolen funds, reveal the details of the hack and demonstrate the bug for a reward of $10 million.
The hacking of the cross-chain protocol caused panic among users of the decentralized finance sector – they began to transfer ETH tokens to FTX and withdraw them to the main network. According to Larry Cermak from The Block, FTX crypto exchange or its associated structures interested in the further development of Solana could take on the damages.
ETH suffered losses after it was discovered that the Wormhole cross-chain protocol was the victim of an attack that resulted in the theft of more than 120,000 wrapped ETH. The hack of this popular bridge cast a shadow over the performance of ETH and SOL. As a result, these tokens fell by 5% and 10%, respectively, in 24 hours.