Wormhole hack is the latest crypto heist. We are now seeing signs that a major exploit in the Wormhole protocol, which enables users to move their assets and NFTs between Solana and Ethereum, has occurred.
“ETH will be added over the next hours to ensure wETH is backed 1:1,” it posted on Twitter, adding: “We are working to get the network back up quickly.”
How did the Wormhole hack happen?
On Wednesday, Wormhole tweeted that the network was “down for maintenance” owing to a “possible exploit.” But by then, samczsun’s discovery revealed that the exploit was genuine.
“We noticed that you were able to exploit the Solana VAA verification and mint tokens. We’d want to offer you a whitehat agreement and pay you $10 million for exploit information, as well as return the wETH you’ve generated.” This is what Wormhole’s purported message on the Ethereum blockchain says.
The term “VAA” refers to a transaction’s validation action approval, which is the process by which transactions are authorized.
‼️ The wormhole network is down for maintenance as we look into a potential exploit.
📢 We will provide updates here as soon as we have them.
🙏 Thank you for your patience.
— Wormhole (@wormhole) February 2, 2022
When the hacker accepts the message and replies, Wormhole understands that they were acting in good faith. In return, it will pay them $10 million for reporting a security hole. It wants its $250 million back, though.
Biggest crypto-heists of 2021
Wormhole not only connects Ethereum and Solana, but it also interacts with Avalanche, Binance Smart Chain, Oasis, Polygon, and Terra. It enables users of one chain to exchange “wrapped” assets for others on a different chain in order to take advantage of cheaper fees or alternative applications across networks.
To deposit their Ethereum into Solana, they must first put it inside a smart contract and then exchange WETH for Solana-based tokens. They may then trade WETH for Solana-based tokens if they so choose. If the message preceding is accurate, the hacker was able to short-circuit this by minting WETH without keeping ETH locked up.
