Breaking News

Wormhole cryptocurrency platform hacked for $325 million after GitHub error

Wormhole cryptocurrency platform hacked for $325 million after GitHub error

On Wednesday, decentralized finance (DeFi) platform Wormhole became the victim of this year's biggest cryptocurrency theft — and among the top five biggest crypto hackers — when an attacker took advantage of a nearly $325 million security flaw. ,

The attack appears to have resulted from a recent update to the project's GitHub repository, which fixed a bug that had not yet been deployed to the project.

The attack took place on February 2 and was noticed when a post from the Wormhole Twitter account announced that the network was being "taken down for maintenance" during an investigation into a possible exploit. A later post from Wormhole confirmed the hack and the amount stolen.

Shortly after the attack, the Wormhole team also offered the hacker a $10 million reward for returning funds, which were embedded as text in transactions sent to the attacker's Ethereum wallet address.

Wormhole provides a service known as a "bridge" between blockchains, essentially an escrow system that allows deposits of one type of cryptocurrency to create assets in another cryptocurrency. This allows a person or entity with holdings in one cryptocurrency to trade and make purchases using another, being able to fund a bank account somewhat in dollars and then buy something from the bank in euros. uses the card.

To carry out the attack, the attackers managed to forge a valid signature for a transaction, allowing them to freely mint 120,000 wETH — the equivalent of $325 million at the time of the theft — on the Solana blockchain. Equivalent to a "wrapped" ethereum - without putting in the same amount first. This was followed by an exchange of approximately $250 million in Ethereum that was sent from the wormhole to the hacker's account, allowing large amounts of the platform's Ethereum funds to be held as collateral for transactions on the Solana blockchain. effectively terminated.

The open-source code commit shows that the code to fix this vulnerability was written as early as January 13 and uploaded to the Wormhole GitHub repository on the day of the attack. Just a few hours later, the vulnerability was exploited by hackers, suggesting that the updates had not yet been implemented on production applications.

As software developer Matthew Garrett observed on Twitter, the code upload was described as if it was a run-of-the-mill version update, but in fact it contained extensive changes - a fact that allowed the attacker to do so. permitted to. was allowed to do. Could have conveyed the fact that it was a hidden security system.

Another file, available via the Wormhole Github page, also details a security audit conducted by security research company Neodym between July and September 2021. It is unclear whether the vulnerability existed during the audit period, and Neodim did not respond to a request for comment.

Due to the nature of cross-chain applications, the attack left a huge deficit between the temporarily wrapped up of Ethereum and the amount of regular Ethereum held in Wormhole Bridge – such that the collateral backing the loan suddenly disappeared. According to Forbes, the attack caused a 10% drop in the value of the Solana cryptocurrency after the hack.

The Wormhole team has announced that more Ethereum will be added to the bridge to replace the stolen collateral, which effectively means that the company will need to find $325 million in assets to bridge the gap.

At the moment it is not clear where the money will come from. Questions sent to Jump Crypto, the parent company of the developers of the Wormhole application, had not received a response at the time of publication.

No comments