A hacker “made” more than $320 million in coins by hacking into a blockchain platform. How did this happen?
The Wormhole blockchain bridge, which allows the movement of tokens and NFTs between Solana and Ethereum networks, fell victim to a hack the previous day. The platform team confirmed that an unknown hacker managed to steal 120,000 WETH – that is, “wrapped” ethers in Solana’s blockchain – worth around $320 million. We tell you more about the situation.
Traditionally, we'll start with an explanation. A blockchain bridge is a platform that allows you to transfer tokens from one cryptocurrency network to another. It is important to understand that it does not transfer the tokens themselves, but rather their so-called wrapped versions. That is, in one blockchain, the tokens are blocked, and in another, the user receives their wrapped version at a 1:1 ratio.
The coin transfer transaction itself is paid for separately. For example, bridges can be used to transfer coins from Etherium to Polygon, or from Binance Smart Chain to Etherium. The main thing is that the final network has support for the desired asset.
How did the Wormhole platform get hacked?
On Wednesday, Wormhole’s official Twitter account posted a shutdown due to a “potential vulnerability”. As a cybersecurity expert under the pseudonym samczsun points out, it was already clear by then that something was wrong. Overall, the Wormhole team left the following comment in a transaction to the hacker. Here are its contents, published by the news outlet Decrypt.
We noticed that you were able to use Solana VAA verification and create tokens. We would like to cooperate with you and pay you $10 million for the details of the hack with the return of those WETH you created.
It is important to note that the fact that the protocol had problems initially became known due to this message, which was attached to the transaction from team representatives. That is essentially the project staff wanted to resolve the problem peacefully and did not inform their own community of what was going on. However, when the post came to light, Wormhole tweeted about the potential hacking of the platform. Accordingly, the occasion to acknowledge what was happening was this tweet.
Wormhole team’s address to the hacker
VAA in the context of this quote is validator action approval, i.e. the process of validating transactions in the Solana network by the validator. This is the name given to the participants in the blockchain who add blocks and make the network work. So, how did an anonymous person manage to steal such a large sum?
The hacker’s wallet balance
To make a WETH in another blockchain, Solana authenticates the signature of the transaction. This signature comes from a “custodian”, that is, a specific role in the cryptocurrency network. If the format of the signature is correct and it comes from the custodian, the request to produce tokens is granted.
The hacker resorted to a very unconventional move – he released the signature in the wrong format not from the address of the custodian, which was recognised by the network as a coincidence of two conditions not being met. And for some reason, that was enough to issue the tokens.
In other words, the hacker managed to produce WETH on the Solana blockchain without having to block ETH on the Etherium blockchain. He literally “created the coins out of thin air” and then withdrew them. So far, they remain in his wallet, and the hacker himself has not responded to a request for an agreement from the Wormhole team. Consequently, the project’s prospects remain in limbo.
Although the hacker himself will most likely continue his work. As reported by The Block the day before, the Wormhole team has replenished its own reserves and added coins to the contract. In other words, it has reimbursed the amount of stolen coins from its own funds, thus guaranteeing the security of the remaining coins on the network.
And according to sources, Jump Crypto management agreed to help with the reimbursement amount for the Wormhole project. The reason for this was "the team's belief in the future of the industry with the support of many blockchains". Well, Wormhole is an important part of that infrastructure.
Cryptocurrency hacker
We think this situation is a reminder of how young the cryptocurrency, blockchain and decentralisation industry is. There are also plenty of new projects out there with bugs and weaknesses. And while hackers occasionally successfully exploit this, others in the niche are willing to help their peers if necessary - including with large sums of money. This means that the development of blockchain bridges will clearly not end with this incident.
Check out our millionaires’ crypto chat. There we will talk about other topics related to blockchain and decentralisation.
Related posts
