Wormhole exploit: the second-largest DeFi hack ever

2nd place on the Rekt Database

The first half of February has been dramatic for the entire DeFi space. According to our own and several external sources, the Wormhole case is now the second-largest DeFi exploit in terms of funds lost. It is also the second bridge hack, after Meter.io was exploited, which in turn affected Hundred Finance on Moonriver, where regular users could use the oversold BNB.bsc collateral asset left by the Meter hacker to drain funds from the lending protocol.

The root of vulnerability

The attack was caused by a weakness in the signature verification function of the main Wormhole contract on Solana. Because of this issue, the attacker was able to fabricate a message from the Guardians (which verify transfers between chains) in order to mint Wormhole-wrapped Ether.

Before minting Wormhole-wrapped tokens on Solana, Portal’s token minting software employs the verify signatures function to validate the source chain message. This procedure is dependent on information in the instruction sysvar account, which is trusted since it is filled by the Solana runtime.

When invoking a Solana function, users can provide any number of input accounts. Each program is responsible for ensuring that the accounts given are the ones they anticipated.

An attacker might create an account and fill it with data to impersonate the instruction sysvar account. This bogus instruction sysvar may then be sent to Wormhole’s verify signatures function, fooling it into believing the signatures had been correctly validated. An attacker might sign any arbitrary Wormhole message with Solana as the target chain, including messages to mint wrapped Wormhole tokens on Solana.
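The missing account check described above, as an added example (not Wormhole's code and not the `solana_program` crate). `Pubkey`, `AccountInfo`, the sysvar ID bytes and the one-byte data encoding are constructed stand-ins for this simplified model:

```rust
// Simplified model of Solana account passing; not the solana_program crate.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
struct Pubkey([u8; 32]);

// Constructed stand-in for the real instructions sysvar address.
const INSTRUCTIONS_SYSVAR_ID: Pubkey = Pubkey([0x11; 32]);

struct AccountInfo {
    key: Pubkey,   // address of the account the caller supplied
    data: Vec<u8>, // contents; caller-controlled unless the key is checked
}

#[derive(Debug, PartialEq)]
enum VerifyError {
    WrongSysvarAccount,
    NoSignatureCheck,
}

// Hypothetical encoding: byte 0 == 1 means "a secp256k1 signature check
// ran earlier in this transaction".
fn secp_check_recorded(data: &[u8]) -> bool {
    data.first() == Some(&1)
}

// Weak form: reads the account's data without confirming which account it is.
fn verify_unchecked(ix_sysvar: &AccountInfo) -> Result<(), VerifyError> {
    if secp_check_recorded(&ix_sysvar.data) {
        Ok(())
    } else {
        Err(VerifyError::NoSignatureCheck)
    }
}

// Hardened form: the address must equal the runtime-owned sysvar before
// any of its data is trusted.
fn verify_checked(ix_sysvar: &AccountInfo) -> Result<(), VerifyError> {
    if ix_sysvar.key != INSTRUCTIONS_SYSVAR_ID {
        return Err(VerifyError::WrongSysvarAccount);
    }
    verify_unchecked(ix_sysvar)
}

fn main() {
    // Constructed inputs: a caller-created account with chosen data.
    let lookalike = AccountInfo { key: Pubkey([0x42; 32]), data: vec![1] };
    println!("unchecked: {:?}", verify_unchecked(&lookalike));
    println!("checked:   {:?}", verify_checked(&lookalike));
}
```

In the real `solana_program` crate, `sysvar::instructions::load_instruction_at_checked` performs this address comparison before reading the account.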

The hacker’s on-chain steps

Addresses involved in exploit

Ethereum:

https://etherscan.io/address/0x629e7da20197a5429d30da36e77d06cdf796b71a

Solana:

https://solscan.io/account/CxegPrfn2ge5dNiQberUrQJkHCcimeR4VXkeawcFBBka

The attacker:

  1. Bypassed Wormhole’s Guardians and called ‘verify_signatures’ on the main bridge using a SignatureSet created at this transaction.
  2. The ‘verify_signatures’ function delegated verification of the ‘SignatureSet’ to the Secp256k1 program. Because of a discrepancy between ‘solana_program::sysvar::instructions’ and the ‘solana_program’, the contract didn’t verify the requested address.
  3. The attacker faked the ‘SignatureSet’ and called ‘complete_wrapped’ to mint 120k whETH on Solana using the previously created VAA verification.
  4. 93,750 ETH was bridged back to Ethereum at:

https://etherscan.io/tx/0x4d5201dd4a377f20e61fb8f42e6f929ec16bcec918f0584e39241d15b254a80f

https://etherscan.io/tx/0xd31b155e259a403ebe69831fae0ec2b4bd33dfa090c43b605a57d5c72c4fbbc7

https://etherscan.io/tx/0xacd309b02e4b533484d148de9ab0adf367ed4e70ed751d1ff036152dc3bc0479

Stolen funds are still in the exploiter’s wallets: 93,750 ETH on Ethereum and 432,661 SOL on Solana.

Aftermath

Stolen funds have been restored by Wormhole to ensure a 1:1 token backing ratio.

The Wormhole team contacted the attacker via a transaction, offering a $10m bug bounty in exchange for the exploit details and the return of the stolen funds:

https://etherscan.io/tx/0x2d8b7901bff18ae6abe1a50aebe44b70559f39ff357b21340843d368b9486859

In addition, Wormhole announced a $10m reward for any information leading to the arrest and conviction of those responsible for the hack of the bridge on February 2.

As always, stay safe and DYOR!
