Wormhole Released an Incident Report on Feb 2 Accident

TokenInsight news, On Feb2, 2022, Wormhold network was hacked and the attacker mint 120k WETH on Solana without any ETH backed. The attacker then bridged 93.75k ETH to Ethereum network. Jump Crypto later announced that it would recapitalize weETH to make it fully backed. The total duration of the incident was ~16 hours. What happened: Wormhole network is operated by 19 Guardians that validate funds deposit on one chain and insurance on another chain. 1. 18:24 UTC - An attacker exploited a vulnerability in the Solana-side Wormhole contract and tricked it into minting 120,000 weETH. The attacker redeemed 93.75k weETH back to ETH and swapped the rest into SOL. 2. 19:07 to 19:20 UTC - The unusual transactions were noticed by Wormhole contributors and incident confirmed, holding emergency call with Jump Crypto, Neodyme, major stakeholders, researchers. 3. 19:33 to 20:14 UTC - Bug fixing and testing. 4. 20:15 UTC - A proposal to send $10m to the attacker if he/she can send the weETH back. And, got no response. 5. 13:08 UTC - Jump Crypto replenished the contract with 120k ETH, restoring full collateral. 6. Until 13:29 UTC - The vulnerability was fixed and Wormhole network was back online. The root cause of the exploit was a bug in the signature verification code of the core Wormhole contract on Solana. This bug allowed the attacker to forge a message from the Guardians to mint Wormhole-wrapped Ether.
Source

Security Incidents

In This Article

Related News
Security Audits are "Not Enough" as Crypto Hacks Losses Topped $1.5B in 2023 Security Audits are "Not Enough" as Crypto Hacks Losses Topped $1.5B in 2023
Decentralized Exchange KyberSwap Suffered $46 million Hack Decentralized Exchange KyberSwap Suffered $46 million Hack
HTX Exchange Loses $13.6M as part of the $87M HECO Bridge Exploit HTX Exchange Loses $13.6M as part of the $87M HECO Bridge Exploit
Unibot Still under attack, the Vulnerability Issue Remains Unresolved Unibot Still under attack, the Vulnerability Issue Remains Unresolved
Some Fantom Foundation's Wallets Drained due to Zero Day Exploit Some Fantom Foundation's Wallets Drained due to Zero Day Exploit
Latest News More More
14 Hours Ago Botanix Labs Launches EVM-equivalent Bitcoin Layer 2
18 Hours Ago AntPool Agrees to Refund Accidental $3 Million Bitcoin Transaction Fee
20 Hours Ago MicroStrategy Purchased 16,130 Additional Bitcoins, Plans to Raise $750M Through Stock Sale
1 Day Ago Bitget Wallet Announced TON Mainnet Integration
1 Day Ago Wormhole Secures $225 Million Funding at $2.5 Billion Valuation
delate
Use TokenInsight App All Crypto Insights Are In Your Hands
Open