U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Wormhole cryptocurrency platform hacked, crooks stole $326 million, the second-biggest hack of a DeFi platform

Threat actors have stolen $325 million in cryptocurrency leveraging a bug in the Wormhole communication bridge. Wormhole, one of the most popular bridges that links the Ethereum and Solana blockchains, lost about $325 million in an attack that took place on Wednesday. This is the second-biggest hack of a DeFi platform ever, just after the $600 […]

wormhole hack

Threat actors have stolen $325 million in cryptocurrency leveraging a bug in the Wormhole communication bridge.

Wormhole, one of the most popular bridges that links the Ethereum and Solana blockchains, lost about $325 million in an attack that took place on Wednesday.

This is the second-biggest hack of a DeFi platform ever, just after the $600 million Poly Network security breach. Experts pointed out that this is largest attack to date on Solana, which is a high-performance blockchain like Ethereum and that is increasing its popularity thanks to the interest in the non-fungible token (NFT) and decentralized finance (DeFi) ecosystems.

Wormhole is a communication bridge between Solana and other top decentralized finance (DeFi) networks and allows to transfer of cryptocurrency across different blockchains, including Avalanche, Oasis, Binance Smart Chain, Ethereum, Polygon, Solana, and Terra.

The Wormhole development team confirmed the hack and took down its platform for maintenance while investigating the crypto heist.  The website of the Wormhole protocol is currently offline.

The attackers exploited a flaw in the protocol to steal 120k wrapped Ether tokens on the Solana blockchain, then they converted 93,750 to Ethereum to sell it.

“The exploit appears to have allowed the attacker to mint 120,000 wrapped ETH on the Solana blockchain, 93,750 ETH of which was then transferred to the Ethereum blockchain” reported the blockchain analysis firm Elliptic.

wormhole hack

Everytime a user wants to transfer funds among blockchain the token is wrapped in a smart contract before being transferred to the destination blockchain.

“An analysis from blockchain cybersecurity firm CertiK shows that the attacker’s profits thus far are at least $251 million worth of Ethereum, nearly $47 million in Solana, and more than $4 million in USDC, a stablecoin pegged to the price of the U.S. dollar.” reported CNBC.

Elliptic revealed that Wormhole has offered the attackers a $10 million reward to return the funds.

“Wormhole has offered the attacker a $10 million “bounty” to return the funds. The offer was embedded within an Ethereum transaction sent to the attacker’s account:” continues Elliptic. “Wormhole has offered the attacker a $10 million “bounty” to return the funds. The offer was embedded within an Ethereum transaction sent to the attacker’s account”

Below is the message sent by Wormhole to the attackers:

“This is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted. You can reach out to us at contact@certus.one”

Elliptic experts added that the analysis of these transactions has determined that the exploit resulted from Wormhole’s failure to validate “guardian” accounts.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, REvil ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]