Wormhole Released an Incident Report on Feb 2 Accident

TokenInsight news, On Feb2, 2022, Wormhold network was hacked and the attacker mint 120k WETH on Solana without any ETH backed. The attacker then bridged 93.75k ETH to Ethereum network. Jump Crypto later announced that it would recapitalize weETH to make it fully backed. The total duration of the incident was ~16 hours. What happened: Wormhole network is operated by 19 Guardians that validate funds deposit on one chain and insurance on another chain. 1. 18:24 UTC - An attacker exploited a vulnerability in the Solana-side Wormhole contract and tricked it into minting 120,000 weETH. The attacker redeemed 93.75k weETH back to ETH and swapped the rest into SOL. 2. 19:07 to 19:20 UTC - The unusual transactions were noticed by Wormhole contributors and incident confirmed, holding emergency call with Jump Crypto, Neodyme, major stakeholders, researchers. 3. 19:33 to 20:14 UTC - Bug fixing and testing. 4. 20:15 UTC - A proposal to send $10m to the attacker if he/she can send the weETH back. And, got no response. 5. 13:08 UTC - Jump Crypto replenished the contract with 120k ETH, restoring full collateral. 6. Until 13:29 UTC - The vulnerability was fixed and Wormhole network was back online. The root cause of the exploit was a bug in the signature verification code of the core Wormhole contract on Solana. This bug allowed the attacker to forge a message from the Guardians to mint Wormhole-wrapped Ether.
Source

Security Incidents

In This Article

Related News
Lending Protocol Sonne Finance Exploited for $20M Lending Protocol Sonne Finance Exploited for $20M
Users Lost $69M in $WBTC due to Address Poisoning Users Lost $69M in $WBTC due to Address Poisoning
Prisma Finance Exploited for $12M Prisma Finance Exploited for $12M
Major Security Vulnerability Found in Ledger Software Library, Affecting Multiple Dapps Major Security Vulnerability Found in Ledger Software Library, Affecting Multiple Dapps
Security Audits are "Not Enough" as Crypto Hacks Losses Topped $1.5B in 2023 Security Audits are "Not Enough" as Crypto Hacks Losses Topped $1.5B in 2023
Latest News More More
WisdomTree files with SEC for spot XRP ETF
Coinbase's fiat-to-crypto onramp integrates Apple Pay
23 Hours Ago Hyperliquid's HYPE surpasses Aave in market cap, claims nearly half of decentralized perpetual swaps volume
23 Hours Ago XRP becomes world's third-largest crypto, overtakes Tether’s USDT in market cap
3 Days Ago Coinbase’s decision not to support Celo Layer 2 upgrade causes stir among stakeholders
delate
Use TokenInsight App All Crypto Insights Are In Your Hands
Open