Wormhole, a protocol that works as a bridge by allowing the transfer of cryptocurrencies between different blockchains, confirmed the incident through its Twitter account.

Computer attacks aimed at cryptocurrency platforms and their users have become more frequent in recent days. Last Wednesday, Wormhole was the victim of malicious actors who exploited a vulnerability that allowed them to steal 120,000 ETH tokens from the Solana blockchain.

Wormhole is a platform that allows transactions between the Solana blockchain and Avalanche, Binance Smart Chain, Ethereum, Polygon, and Terra. When making transfers between blockchains, the protocol "mints" a “wrapped” version of the token on the blockchain. To mint means to create a record in the blockchain, and a wrapped token is a token whose value is tied to the value of another asset.

In this case, by using an exploit on the Solana side of the Wormhole network, the hackers managed to amass about 120,000 ETH tokens on the Solana blockchain. These wrapped tokens are interoperable with other blockchains. Apparently, the attackers converted 80,000 of the total number of tokens to Ethereum, while the rest were kept on the Solana blockchain.

Analysis of the transactions revealed that the exploit took advantage of a vulnerability in Wormhole that affected the validation of “guardian” accounts. In addition, as revealed by Elliptic, Wormhole offered the attackers a reward of 10 million for returning the funds and revealing details of the exploit. In this thread, specialists reveal technical details about how the exploit works.

Wormhole confirmed the attack on Wednesday and, after temporarily taking the service offline, revealed that it had patched the vulnerability and restored the funds and the service. Through its Twitter account, the platform stated that “The wormhole network was exploited for 120k wETH”, and that they were “working to get the network back up as soon as possible.”

This attack is the second largest on a DeFi service platform after the Poly Network attack in August 2021. At that time, attackers stole 600 million tokens.

Unfortunately, cyberattacks are becoming increasingly common these days. In that regard, Beatriz Cleves, Appgate Digital Threat Protection Product Manager, noted that in 2022 “we can expect to see an increase in crypto-related cyberattacks, and cybersecurity providers will need to guard against hackers trying to steal and manipulate bitcoins and altcoins.”

On the other hand, Tom Kellermann, head of cybersecurity strategy at VMware, a subsidiary of EMC Corporation that provides virtualization software available for PCs, noted, “by 2022, we can expect cybercriminal cartels looking for ways to hijack the digital transformation of organizations to deploy malicious code, infiltrate networks, and gain persistence in systems around the world. Defenders and organizations will need to monitor networks and services carefully for suspicious activity and potential intrusions. Implementing practices associated with the Zero Trust philosophy, such as micro-segmentation, threat hunting, and advanced telemetry capabilities, can help ensure that organizations are not the gateway to or the victim of a seriously damaging attack.”

It seems that cybersecurity will continue to be an issue of concern for those involved in the cryptocurrency business.

By Audy Castaneda
