Connect with us

Hi, what are you looking for?

Investing

Security Firm CertiK Detects $5M Security Flaw in Cross-Chain Bridge Wormhole

Security firm CertiK said it has detected and prevented a flaw in the cross-chain bridge Wormhole which could have resulted in $5 million worth of losses.

In a social media post, CertiK said its research team found a critical bug in Wormhole — an incorrect application of the public and entry modifiers exposing the blockchain to potential multimillion-dollar exploits.

This case study not only underscores the critical role of proactive security practices but also celebrates the power of open source software in raising security and transparency standards across the Web3 world.

— CertiK (@CertiK) May 13, 2024

In a short video explainer, CertiK runs through how it detected the flaw in the network. CertiK said this case study not only underscores the critical role of proactive security practices but also celebrates the power of open-source software in raising security and transparency standards across the Web3 world.

Wormhole supports the transfer of tokens and data across different blockchain networks. The crypto project was spun off by Jump Trading Group and is one of the most popular bridges linking the Ethereum and Solana blockchains.

Wormhole Experienced the Largest DeFi Attack in 2022

In 2022, Wormhole lost about $321 million in an exploit. Hackers compromised Wormhole Bridge leading to 120,000 wETH loss from the platform, equivalent to $321 million. It was the largest DeFi attack of 2022 and the hacker swapped wETH tokens with Ethereum, SOL, USDC, APE, SX, etc.

An investigation conducted by pseudonymous researcher Pland, detailed in an X post on April 4th, revealed that the Wormhole team overlooked excluding several wallet addresses associated with the exploit that drained $321 million in crypto from the cross-chain bridge.

Chainalysis said to understand why the 2022 attack was more serious than the average hack, it is important to know how cross-chain bridges work.

“Users interact with cross-chain bridges by sending funds in one asset to the bridge protocol, where those funds are then locked into the contract. The user is then issued equivalent funds of a parallel asset on the chain the protocol bridges to. In the case of Wormhole, users typically send Ether (ETH) to the protocol, where it is held as collateral, and are issued WeETH on Solana, backed by that collateral locked in the Wormhole contract on Ethereum,” — Chainalysis: Lessons from the Wormhole Exploit.

April Sees Lowest Crypto Hacks Since 2021

April 2024 saw the lowest combined losses from crypto-related hacks and scams, with CertiK reporting approximately $25.7 million lost to exploits, hacks, and scams.

This latest figure marks the lowest recorded hacks since CertiK began tracking such incidents in 2021, as flash loan attacks and private critical hacks decreased.

The post Security Firm CertiK Detects $5M Security Flaw in Cross-Chain Bridge Wormhole appeared first on Cryptonews.

You May Also Like

Editor's Pick

Real gross domestic product rose at a revised 3.2 percent annualized rate in the third quarter versus a 0.6 percent rate of decline in...

Editor's Pick

For years the North Korean playbook was obvious to the world. The Democratic People’s Republic of Korea wanted to be the center of attention....

Editor's Pick

After the final lecture of my Fall 2022 International Economic Policy course (an undergraduate offering meant to introduce non-economics majors to the economics of...

Editor's Pick

In Risky Business: Why Insurance Markets Fail and What to Do About It (Yale University Press, 2023), economists Liran Einav (Stanford), Amy Finkelstein (MIT),...



Disclaimer: impactofincome.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.


Copyright © 2024 impactofincome.com