Cryptocurrency portal, Wormhole, is out over $300 million after a hacker stole the funds on February 2nd, 2022. The fourth-largest crypto heist to date, the hackers were able to exploit the network and steal roughly 120,000 wETH. The hacker then transferred most of the counterfeit cryptocurrency to the Ethereum blockchain. Upon discovering the theft, Wormhole patched the exploit.
Wormhole is a network that allows users to transfer their cryptocurrency between different blockchains. Tokens are placed in a smart contract when departing a blockchain, and then the tokens are minted in a Wormhole wrapped token on the blockchain they were transferred to.
The hacker was able to exploit the system by tricking Wormhole into thinking a contract had been created and that the tokens needed to be sent to the Solana blockchain. To do so, the hacker first spoofed the entirety of the wrapped instructions. The funds were able to bypass full verification, netting the hacker the hefty sum of nearly $330 million. The situation would have been avoidable if Wormhole had taken the time to validate all input accounts properly.
Of course, since the contract was falsified, the funds were taken directly from Wormhole. The cryptocurrency portal is attempting to communicate with the hacker via an Ethereum transaction on the hacker’s account. Currently, Wormhole is offering the hacker $10 million in exchange for returning the funds and explaining how the hack was done.Despite the threat of hackers to blockchains, more and more companies are showing interest. Azure games recently invested in a blockchain-based metaverse. Likewise, Gala Games and C2 Ventures have placed $100 million in a blockchain metaverse fund. Of course, Hackers are a threat to more than just cryptocurrency. In October 2021, Twitch was the victim of a significant hack involving source code and client information leaking.