Wormhole - REKT

Wormhole had a loophole…

A hacker distorted the fabric of Solana's space-time, netting $326M in the process.

In the second bridge exploit in less than a week, Solana's Wormhole goes straight to 2nd place on our leaderboard.

Minutes after samczsun pointed out that there was a problem, the Wormhole team stated that the network was simply “down for maintenance” whilst investigating a “potential exploit”.

The exploit was later addressed directly, with a bold promise to restore the funds:

The wormhole network was exploited for 120k wETH. ETH will be added over the next hours to ensure wETH is backed 1:1.

Less than 24 hours later, and the backing has just been restored.

Where did Wormhole find $326M?

Credit: @samczsun, @gf_256, @ret2jazzy, @kelvinfichter

Attacker address: 0x629e7da20197a5429d30da36e77d06cdf796b71a

The Wormhole, Solana’s bridge, was manipulated into crediting 120k ETH as having been deposited on Ethereum, allowing for the hacker to mint the equivalent in wrapped whETH (Wormhole ETH) on Solana.

1: Using a SignatureSet created in a previous transaction, the attacker was first able to bypass Wormhole’s ‘guardians’ - (put in place to verify transfers between chains), and call ‘verify_signatures on the main bridge.

2: The ‘verify_signatures’ function of the contract then delegates the actual verification of the ‘SignatureSet’ to a separate Secp256k1 program. Due to a discrepancy between ‘solana_program::sysvar::instructions’ (a precompile of sorts) and the ‘solana_program’ Wormhole was using, the contract didn’t correctly verify the address being provided, and the attacker was able to provide an address containing just 0.1 Eth.

3: Using an account created hours earlier with a single serialised instruction corresponding to the Sep256k1 contract, the attacker was able to fake the ‘SignatureSet’, call ‘complete_wrapped’ and fraudulently mint 120k whETH on Solana using VAA verification that had been created in a previous transaction.

4: 93,750 ETH was bridged back to Ethereum over the course of 3 transactions, (one, two, three) where it still remains in the hacker’s wallet. The remaining ~36k whETH were liquidated on Solana into USDC and SOL.

An on-chain message was sent to the hacker from Certus One, the team behind the Wormhole bridge:

This is the Wormhole Deployer:

We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted. You can reach out to us at contact@certus.one.

A $10M bug bounty is the biggest we’ve seen.

Keep your innocence, plus $10M, or go on the run with $326M.

Which would you choose?

As Wormhole have yet to receive any response to their offer, it seems the attacker has chosen the criminal route…

We spoke to the founders of Wormhole, and asked how they managed to replace so much ETH so quickly.

After waiting for some time, they would only tell us that they are currently writing a more detailed incident report.

It’s not been a good start to the year for Solana.

The last few months has seen the network experience a number of outages and disruptions. However, in the recent January crash, users were unable to top up their collateral and avoid liquidation, with oracle issues leading to further erroneous liquidations.

That being said, Solana is not yet the battle-hardened network that Ethereum has grown to be. Every exploit, for all the damage it does, offers a lesson for how to secure an evolving ecosystem. Newer L1s are thrown into the deep end, into a world of veteran exploiters where they will either sink or learn to swim.

Given the seriousness of this incident, along with the Qubit exploit last week and last summer’s mammoth attack on Poly Network, Vitalik Buterin seems to have been proven right about his recent security concerns around cross-chain protocols.

In the race across the cryptoverse to reach experimental and more lucrative opportunities, many are willing to trust in newer tech. But when one of these gateways fails, the damage done can be immense.

It remains to be seen whether the future of DeFi will be cross-chain or ‘multi-chain’, but either way, the journey there will be long and dangerous.

share this article

REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.

donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C


REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.