Pierluigi Paganini
February 03, 2022
Wormhole, one of the most popular bridges that links the Ethereum and Solana blockchains, lost about $325 million in an attack that took place on Wednesday.
This is the second-biggest hack of a DeFi platform ever, just after the $600 million Poly Network security breach. Experts pointed out that this is largest attack to date on Solana, which is a high-performance blockchain like Ethereum and that is increasing its popularity thanks to the interest in the non-fungible token (NFT) and decentralized finance (DeFi) ecosystems.
Wormhole is a communication bridge between Solana and other top decentralized finance (DeFi) networks and allows to transfer of cryptocurrency across different blockchains, including Avalanche, Oasis, Binance Smart Chain, Ethereum, Polygon, Solana, and Terra.
The Wormhole development team confirmed the hack and took down its platform for maintenance while investigating the crypto heist. The website of the Wormhole protocol is currently offline.
— Wormhole (@wormhole) February 2, 2022
The wormhole network is down for maintenance as we look into a potential exploit.
We will provide updates here as soon as we have them.
Thank you for your patience.
The attackers exploited a flaw in the protocol to steal 120k wrapped Ether tokens on the Solana blockchain, then they converted 93,750 to Ethereum to sell it.
“The exploit appears to have allowed the attacker to mint 120,000 wrapped ETH on the Solana blockchain, 93,750 ETH of which was then transferred to the Ethereum blockchain” reported the blockchain analysis firm Elliptic.
Everytime a user wants to transfer funds among blockchain the token is wrapped in a smart contract before being transferred to the destination blockchain.
“An analysis from blockchain cybersecurity firm CertiK shows that the attacker’s profits thus far are at least $251 million worth of Ethereum, nearly $47 million in Solana, and more than $4 million in USDC, a stablecoin pegged to the price of the U.S. dollar.” reported CNBC.
The wormhole network was exploited for 120k wETH.
— Wormhole (@wormhole) February 2, 2022
ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly.
We are working to get the network back up quickly. Thanks for your patience.
Elliptic revealed that Wormhole has offered the attackers a $10 million reward to return the funds.
“Wormhole has offered the attacker a $10 million “bounty” to return the funds. The offer was embedded within an Ethereum transaction sent to the attacker’s account:” continues Elliptic. “Wormhole has offered the attacker a $10 million “bounty” to return the funds. The offer was embedded within an Ethereum transaction sent to the attacker’s account”
Below is the message sent by Wormhole to the attackers:
“This is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted. You can reach out to us at contact@certus.one”
Elliptic experts added that the analysis of these transactions has determined that the exploit resulted from Wormhole’s failure to validate “guardian” accounts.
tl;dr – Wormhole didn't properly validate all input accounts, which allowed the attacker to spoof guardian signatures and mint 120,000 ETH on Solana, of which they bridged 93,750 back to Ethereum.
— samczsun (@samczsun) February 3, 2022
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, REvil ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]
