120,000 Ethereum Wormhole Exploitation
The popular Web3 bridge Wormhole has been exploited for 120,000 Ethereum equating to around $US325,000 which is the largest hack of the year (still early days). Wormhole announced minor details of the exploit on Twitter.
Wormhole have also updated the community on the vulnerability being patched and funds stolen have been fulfilled with the token bridge now being back online after being shut down to address the vulnerability.
The impacted token was wETH a wrapped version of Ethereum that is traded on the Solana blockchain with the offender instantly trading the stolen Ethereum for Solana.
Users tracked around 40,000 Ethereum sold for Solana and it didn't take long for Wormhole founders Qubit to commence trying to negotiate with the offender and offer $US10 Million as a reward to return the funds.
However, it is unclear whether or not the offender returned the funds which saw their replacement of if Qubit secured the funds themselves. But the attack that took place is one of the strangest to date with the vulnerability known and left open with clear details of what it was which enabled someone to take advantage of the blockchain.
Was the hack on purpose or poor management?
In what has to be the largest form of mismanagement or oversight that will surely further cost Solana is the fact the the development team first identified the vulnerability in January 2022. They than preceded to disguise the security fix as a general version update in what the community is calling a red flag.
If Solana had of known that there was a security vulnerability which can be evidenced on Github questions need to be raised on WHY they didn't repair it given that the sector is dominated by developers and web3 knowledgeable persons leaving such a large hole in their blockchain would be a massive mismanagement.
Did the previous audit detect the vulnerability?
To add more fire to the fuel of burning questions is the fact the Qubit undertook a security audit with Neodyme who either knew about the potential security risk and informed Qubit who sat dormant on the risks or Neodyme didn't pick up the security risk meaning that despite Qubit's best efforts there were still security failures.
This further highlights the risks investors submit to when investing in cryptocurrency outside the world of centralised exchanges and in cross chain protocols.
2021 the tops the charts for hacks
Cyber crime in blockchain technology continues to increase with 2021 the largest year to date of blockchain related cyber crime with just over $US14 Billion worth of scams, rugpulls, hacks and more. The majority of crimes took place within the De-Fi space with scams being the largest cohort of cyber crimes.
The information was produced by Chainalysis which also reported on the fact that law enforcement has also grown with the FBI being able to pursue more criminals.
2022 has already elevated the importance of online safety and ensuring you keep your crypto currency secured and safe.
Image sources provided supplemented by canva pro. Information sourced from discord and official channels. This is not financial advice and readers are advised to undertake their own research or seek professional financial services