How $323 Million in Cryptocurrency Was Stolen from a Blockchain Bridge Called Wormhole

Date:

- Advertisement -

Hackers have stolen over $323 million in cryptocurrencies by exploiting a vulnerability in Wormhole, a web service that allows transactions between blockchains. The wormhole allows people to move digital coins tied to one blockchain to another blockchain; such blockchain bridges are especially useful for decentralized finance (DeFi) services that operate on two or more chains, often with vastly different protocols, rules, and processes.

Guard without teeth

Bridges use wrapped tokens, which fix tokens on the same blockchain in a smart contract. After a decentralized cross-chain oracle* called a “custodian” certifies that the coins have been properly locked on one chain, the bridge creates or issues tokens of the same value on another chain. The wormhole connects the Solana blockchain to other blockchains, including the Avalanche, Oasis, Binance Smart Chain, Ethereum, Polygon, and Terra blockchains.

*an agent that finds and confirms real events and transfers this data to the blockchain for the use of smart contracts Cryptocurrency .

But what if you can’t trust the custodian? A lengthy analysis posted to Twitter hours after the theft states that the Wormhole’s backend platform failed to properly verify their custodian accounts. By creating a fake signed account, the hacker or hackers behind the theft minted 120,000 ETH – worth about $323 million at the time of the transactions – on the Solana network. The hackers then made a series of transfers that resulted in about 93,750 tokens being transferred to a private wallet stored on the Ethereum chain, blockchain analytics firm Elliptic said.

The hackers pulled off the theft by using an earlier transaction to create a signature set, which is a type of credential. With that, they created  Cryptocurrency a VAA, or validator action approval, which is essentially the certificate needed to approve transactions.

“Once they had a fake ‘signature set’, it was trivial to use it to create a valid VAA and trigger unauthorized minting on their account,” wrote @samczsun, Twitter manager for investment firm Paradigm.

“The rest is history. In summary, the wormhole did not properly verify all input accounts, which allowed the attacker to forge the signatures of the custodians and mint 120,000 ETH on Solana, of which they transferred 93,750 back to Ethereum.”

- Advertisement -
Mufasa
Mufasahttps://cryptomufasa.com
We bring you the Latest News and Updates on Bitcoin, Ethereum, Cryptocurrency & NFTs.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

More like this
Related

What Is Spot Trading And How Does Spot Trading Work In Crypto?

Spot Trading is an instantaneous or on-the-spot exchange of...

Brazil now accepts cryptocurrency as payment.

Although it will be allowed to pay with cryptocurrencies,...

Coinbase Wallets Will No Longer Support XRP, BCH, XLM And ETC

In a recent blog post, Coinbase Global Inc., the...

Kraken Settles With The SEC And Is Fined $362k For Violating U.S Sanctions on Iran

Kraken voluntarily agreed to pay a fine after the...