Sticky Crypto Hack

Hackathon gone wrong $300M+ (120k wETH) exploited from Solana blockchain

  • 3 February 2022
  • 9 replies
  • 912 views
Hackathon gone wrong $300M+ (120k wETH) exploited from Solana blockchain
Userlevel 7
Badge +24
  • Sr. Security Analyst & Community Manager
  • 1098 replies

 

 https://twitter.com/wormholecrypto/status/1489001949881978883

This is the statement from the wormhole network that runs on Solana blockchain

The wormhole network was exploited for 120k wETH. ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly. We are working to get the network back up quickly. Thanks for your patience.

 

Here is vitalik literally explaining how this attack might happen. This was less than a month ago. Someone has now done it

Source CoinTelegraph

https://cointelegraph.com/news/vitalik-buterin-gives-thumbs-down-to-cross-chain-applications

 

This is lots of money lost but apparently the exchange (FTX presumably) will be cutting into their profits to refund the balance to make sure no one’s ETH are lost and are backed 1:1

 

The memes are fire

 

Apparently they’re asking for a “whitehat agreement” where they let the hacker keep $10Million in and disclose the exploit.

 

 

Interesting deal we’ll see if the hacker takes it

 

 

This also happens to be the very FIRST DAY of the Solana’s Blockchain Hackathon called Riptide - They certainty got the RIP

https://solana.com/hackathon

The hackathon is over

 

Memes are fire on this too

 

 

Here is the ETH side of the transaction at just over $216 Million

 

So the Wormhole network is down and Solana is trending on twitter. 

 

Stay safe out there in the Wild Wild West that is crypto

 


9 replies

Userlevel 7
Badge +24

 

Userlevel 7
Badge +20

Another day in crypto. Hopefully these exchanges continue to improve their security so that hacks like this are less easy in the future!

Userlevel 7
Badge +25

Another day in crypto. Hopefully these exchanges continue to improve their security so that hacks like this are less easy in the future!

I worry that a hack like this, that shows a weak spot, may be used as a basis for future hacks on other blockchains. This is very clever though, and the “slow” nature of confirmations seems to make this possible if I understand the exploit correctly.  Not a good day for ETH

Userlevel 7
Badge +4

Another day in crypto. Hopefully these exchanges continue to improve their security so that hacks like this are less easy in the future!

I worry that a hack like this, that shows a weak spot, may be used as a basis for future hacks on other blockchains. This is very clever though, and the “slow” nature of confirmations seems to make this possible if I understand the exploit correctly.  Not a good day for ETH

Crypto world wide has really suffered to put it mildly this year. And to add something like this to the bowl of salad, make it super interesting. Please pardon the FRENCH here, but this is a crap load of money and people should take the security of this very serious. I have seen some of these platforms that does not even have 2FA on etc, which make it even way more scarier. 

Userlevel 7
Badge +4

Another day in crypto. Hopefully these exchanges continue to improve their security so that hacks like this are less easy in the future!

@khumphrey  I hope so as well Keenan. 

Userlevel 7
Badge +4

 

@TylerM  lets hope they can keep it secure. Thank you for sharing the most. Absolutely interesting. Recently started in the crypto space as well, so always good to know these things.

Userlevel 7
Badge +4

 

@TylerM  lets hope they can keep it secure. Thank you for sharing the most. Absolutely interesting. Recently started in the crypto space as well, so always good to know these things.

You’re braver than me. I’ve still not invested in Cryptocurrency yet. Too scared!

 

Userlevel 7
Badge +24

I’m so deep into crypto, but its all stored on hardware wallets.

NOT YOUR KEYS NOT YOUR CRYPTO

 

Everyone has to learn this lesson I think at least once...the hard way (lol I have).

 

Sure it’s convenient to store everything on exchanges since they promise a return on storing your crypto, but clearly they can’t be trusted. These centralized exchanges are doing the same thing traditional finance was doing - fractional reserve banking. They lend out 10x the amount they have in customer deposits to increase the wealth and end up gambling it away on volatile assets and then one big customer has issues withdrawing and then word gets out triggering a bank run, and then BAM - insolvent. Funnily enough this is the exact reason why Bitcoin was created - when the “too big to fail” banks became insolvent from fractional reserve banking and were bailed out by printing - which basically just turns into inflation which steals from everyday people.

 

This FTX has some additional components like faking a “hack” for the remaining 4% of funds so it was obviously an exit scam to the Bahamas.

 

I’ll do a detailed writeup off the FTX implosion if I have time this week

 

I will reiterate that this does not damage Bitcoin or blockchain fundamentals in anyway - for those that understand it. No protocol was abused during this implosion and “hack” this was just traditional finance doing what they do best, but with non-regulated tokens that they customers know even less about. If any legit hack took place, it was just the private keys being stored insecurely and as far as the blockchain is concerned it was legitimate transactions since they had the corresponding private key to unlock the funds. 

 

I worry that a hack like this, that shows a weak spot, may be used as a basis for future hacks on other blockchains. This is very clever though, and the “slow” nature of confirmations seems to make this possible if I understand the exploit correctly.  Not a good day for ETH

 

This is also something different and is what the industry refers to as “layer 2” in which protocols that want volume of the big coins will try and get people to trade BTC and ETH on their altcoin protocol layer so they “wrap” the legit BTC and ETH and tell people you can trade those coins on our ecosystem, but it is entirely not the same thing as just waiting for the original transaction on BTC or ETH blockchain. That is what can easily be abused. Basically just use base layers for each transaction protocol, don’t trust any wrapped tokens. If you want to buy some NFT or asset and you need to use wrapped tokens - make the trade and get out. DO NOT STORE ANYTHING ON EXCHANGES. I think of exchanges as icky and only to be used when you want to trade or go to and from cash. Other than that, just hold your tokens on a hardware wallet. This does limit my ability to invest in some tokens that are not supported on hardware wallets, but that’s fine I’m making the calculated low risk decision. 

Userlevel 6
Badge

@TylerM Would be interesting to hear your thoughts on FTX I had a small amount with them but not enough to get worried about, there are so many different opinions about what happened with FTX, would be nice to hear yours. Thanks

Reply