Wormhole hack is considered to be among one of the biggest hacks to date. The platform Wormhole is a point-to-point transfer protocol that enables transactions with “mirror” or “wrapped ETH.”
Wormholes are a “bridge” that connects blockchains. It’s a popular program that lets you move assets between several different blockchain networks. The Wormhole platform allows you to issue tokens that can be accepted by all other participating blockchains. The underlying technology of the smart contracts is based on the open-source ETH blockchain.
Wormholes are a type of service that connects blockchains and acts as an escrow system, allowing one cryptocurrency to be sent to another in order to produce assets. It is a popular open-source application that allows anyone to issue tokens that can be accepted by all other participating blockchains. The underlying technology of the smart contracts is based on Ethereum’s ERC-20 standard and employs Wormhole Cash as an intermediary token between currencies.
In any case, the cross-blockchain capabilities are provided thanks to so-called bridge entities – “helpers”, if you will, with specific functions in each network (like generating address/data pairs for bitcoin transactions). The platform was introduced to the public at the end of 2017 and became very popular. Now let’s take a look on the Wormhole hack!
The news of the Wormhole hack was made public by the Wormhole team on Twitter:
The wormhole network was exploited for 120k wETH.
ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly.
We are working to get the network back up quickly. Thanks for your patience.
— Wormhole🌪 (@wormholecrypto) February 2, 2022
In a single transaction, the Smart Contract was breached and $320 million worth of ether (approximately 80k ETH) was transferred out of the Wormhole contract on Ethereum. The attacker withdrew 80,000 ETH from Solana and replaced it with 80,000 ETH on Ethereum. The hacker then destroyed the Solana tokens and made off with the ETH. After this, he transferred the 80k ETH to another address, where it was split into many smaller transactions.
The first breakthrough occurred when the Solana transaction produced 120,000 “Wormhole ETH” out of nowhere. The intriguing part about this Solana transaction is that 0.1 Wormhole ETH was created on Solana just before the 120,000 ETH event. The attacker may exploit the “false” system program in a number of ways. For example, using this “faked” method, he or she may falsely claim that the signature check program was run – the same happened here. The attackers made it appear as if the guardians had accepted a 120k deposit into Wormhole on Solana, when they hadn’t. Everything was lost after one withdrawal of 80k ETH + 10k ETH (everything on Ethereum) was made later.
An issue was discovered, but it was not implemented in the live application before it was hacked. This year’s largest cryptocurrency theft, as well as one of the top five biggest crypto robberies of all time, occurred when Wormhole, became the target of this cyber attack.
After the Wormhole hack, group offered a $10 million reward to the hacker who returned the stolen money. The information was included in a transaction sent to the attacker’s Ethereum wallet address.
The team started working to recover the lost funds of the Wormhole hack from hackers by offering the bounty.
The hacker did not replied to the team’s message yet, but he or she knows that it would be possible to claim this reward for returning all stolen funds. Despite the fact, Wormhole stated they aren’t sure if the hacker will ever come back with their money. It may appear to be a little pittance in comparison to what was taken.
At the time of publishing the news, the Wormhole team stated that they have recovered the fund:
“All funds have been restored and Wormhole is back up”
The team is working on a detailed incident report and will share it asap
18:26 UTC – contract was exploited for 120k ETH
00:33 UTC – vulnerability was patched
13:08 UTC – ETH contract has been filled and all wETH are backed 1:1
13:29 UTC – the Portal (token bridge) is back up
— Wormhole🌪 (@wormholecrypto) February 3, 2022
In the Wormhole Hack, because of cross-chain apps, there was a large difference between the amount of wrapped Ethereum and normal Ethereum in the Wormhole bridge for a brief instant — as if the collateral asset backing a loan had vanished. After the intrusion, Solana coin plummeted by 10%. As a precaution, the team temporarily removed the ability to deposit or withdraw from online exchanges.
This is not the first time when hackers steal crypto funds. Let’s review all major cases of hacking cryptocurrency exchanges and wallets!
After the Wormhole hack, team stated that they already know what the problem is and how to fix it. But this incident may affect other platforms because it affects signatures or transaction confirmations in a smart contract or blockchain application.
The decentralization of smart contracts holds a promising future for Etherians, but this case shows it also brings along some issues that still need to be addressed before mass adoption. The solutions should not be easy to guess and the coding will have to be thorough enough from day one – otherwise, we can quickly get into trouble.
Love reading about Cryptocurrency hacks? Check all our related articles here!
Image by Pete Linforth from Pixabay
Don’t worry, we hate spam too
one weekly digest, just the important stuff.
