$324 million stolen from blockchain platform Wormhole – ZDNet

The company has offered the hackers $10 million to return the stolen funds.
Jonathan Greig is a journalist based in New York City.
Wormhole, a popular blockchain bridge, confirmed on Wednesday evening that hackers stole crypto-assets worth $324 million.
The platform serves as a bridge between different blockchains and allows users to transfer cryptocurrency. The company confirmed in a series of Tweets that 120k wETH was stolen from the platform and the network was down for maintenance as they looked into a potential exploit.
The wormhole network was exploited for 120k wETH.

ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly.

We are working to get the network back up quickly. Thanks for your patience.
The platform’s website has “Portal is Temporarily Unavailable” in block letters but no other message. Researchers found evidence of an 80,000 ETH transfer from Wormhole as well as another 40,000 of ETH being sold by the hacker on Solana. 
Elliptic’s Tom Robinson shared a message from Certus One, the company behind Wormhole, to the hacker offering $10 million for the exploit details and return of all the cryptocurrency. 
The company said the hacker exploited “the Solana VAA verification and mint tokens” in the message.
“The exploit appears to have allowed the attacker to mint 120,000 wrapped ETH on the Solana blockchain, 93,750 ETH of which was then transferred to the Ethereum blockchain,” Elliptic explained
By around 8 pm EST, the company said the vulnerability was patched and the network was being restored. Multiple researchers released detailed threads explaining the vulnerability the hacker exploited. 
tl;dr – Wormhole didn’t properly validate all input accounts, which allowed the attacker to spoof guardian signatures and mint 120,000 ETH on Solana, of which they bridged 93,750 back to Ethereum.
Jump Capital, which purchased Certus One in August 2021, did not respond to requests for comment. The company also invested in crypto platform AscendEX, which suffered its own $77.7 million hack on December 11. Just five days ago, Qubit Finance took to Twitter to beg hackers to return more than $80 million that was stolen from them. 
The recent hacks continue a run of attacks on DeFi platforms that have occurred over the last year. Chainalysis said at least $2.2 billion was outright stolen from DeFi protocols in 2021.  
The attack on Wormhole is the second largest reported hack after Poly Network saw $611 million stolen from their platform in August. Bitmart lost $196 million in early December.
$4.4 million stolen in attack on blockchain infrastructure Meter

Pearson purchases credentialing platform Credly for $140 million

More than $8 million made from NFT wash trading: Chainalysis

Best online information technology associate degree 2022: Top picks

Best portable jump starter 2022

Best online computer science degrees 2022

Best portable power station 2022: Emergency power when you need it

Best desktop deals available right now: Lenovo, Dell, HP, and more

Best TV 2022: Budget-friendly to big-screen opulence

Please review our terms of service to complete your newsletter subscription.
You agree to receive updates, promotions, and alerts from ZDNet.com. You may unsubscribe at any time. By joining ZDNet, you agree to our Terms of Use and Privacy Policy.
You agree to receive updates, promotions, and alerts from ZDNet.com. You may unsubscribe at any time. By signing up, you agree to receive the selected newsletter(s) which you may unsubscribe from at any time. You also agree to the Terms of Use and acknowledge the data collection and usage practices outlined in our Privacy Policy.
© 2022 ZDNET, A RED VENTURES COMPANY. ALL RIGHTS RESERVED. Privacy Policy | Cookie Settings | Advertise | Terms of Use

source