Another day another hack. Potentially the 2nd largest hack ever.
The attacker exploited a bug in a bridge app that had already been patched by the respective development team, but hadn’t been push Ed out live to the network.
Blockchain bridges let you move crypto assets between two different blockchains, in this case Ethereum and Solana. The hack is described as happening on the Solana side of the bridge.
Completely awful and not what the already down trending market needed.
thanks for your good information , market going down again, right now the btc price around $37k
Surprised this wasn’t audited to spot these holes in the code.
So apparently the bug was fixed on the development side. It just wasn’t merged into the production ready code that you and I would use. Most costly programming mistake ever!
It’s being suggested that hackers might be watching public code repositories for the patches and fixes that are waiting in the queue, ready to be pushed to production, as a way to identify potential weaknesses.
I bet some heads rolled for that!
“Hey Bob, did you get a chance to push those changes out to production?”
Bob: “Oh crap!”
AH genius!!!
It’s crap like this that scares off new Investors in the Cryptosphere.
Highlights the importance of offline wallets ledgers etc
Absolutely. But we’re still in the early days. Sadly this will happen again. But the security of bridges is known to potentially have a large attack vector than some of the more established and long running chains. Tried and true without issues. It’s the cross-chain compatibility that’s even earlier days and definitely needs more security audits and screening.
So Wormhole’s parent company Jump Trading restored all 320 million USD. No word, however, on the original 320 million USD. I wonder if one day someone will get arrested for laundering them like the Bitfinex hack launderers got arrested recently.
From the article:
Jump Trading acquired Certus One, the developer of Wormhole, back in August last year.
Well that was a costly acquisition!
I know, right? And they clearly think it’s worth to keep pouring money into it, for some reason.