Wormhole Network Signature Validation Loophole

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Wormhole Network

Wormhole Finance is a decentralized bridge between multiple chains including Ethereum, Solana, Terra, Binance Smart Chain, Polygon, Avalanche, and Oasis. A decentralized network of 19 guardians secure the bridge. An attacker exploited a signature verification vulnerability in the smart contract hot wallet for the Ethereum to Solana bridge. This was used to mint 120k worth of wrapped ethereum, which was unwrapped to redeem for ethereum. The hackers were offered a $10m bounty to return the funds, and a $10m bounty is available for any information to lead to their arrest or the return of the funds. So far the hackers have not responded.

This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33]

About Wormhole Network

[34][35][36][37]

"The best of blockchains. Move information and value anywhere." "Wormhole is a generic message passing protocol that connects to multiple chains including Ethereum, Solana, Terra, Binance Smart Chain, Polygon, Avalanche, and Oasis." "The foundation that an ecosystem of apps is built on top of." "Apps can now live across chains at once and integrate the best of each."

"Wormhole SDK integrates your project with our generic messaging layer. Wormhole SDK makes it easier than ever for teams, apps, protocols, and users to move value seamlessly across networks without fees." "Six high-value networks, two centralized exchanges, and 19 dexes. Anyone in the community can add new networks to the protocol and build the future of blockchain."

"Wormhole is built to be trust-minimized from the ground up with a group of six networks secured by 19 equally weighted guardians in the core layer." "Send your message to Wormhole. The Guardian network observes the transaction. Quorum is achieved in seconds. Guardians make your attested message publicly available. Access your message on a different chain."

"Wormhole is a decentralized, cross-chain message passing protocol. It enables applications to send messages from one chain to another. The network is operated by a decentralized group of nineteen Guardians who sign each transmitted message to attest to its authenticity. The protocol uses a multi-party signature system where a message is treated as authentic if ⅔+ of the Guardians have signed it."

"Portal is a token bridge constructed on top of the Wormhole network. Portal enables users to deposit funds into a contract on a source chain, then mint a Wormhole-wrapped version of the token on a destination chain. The minting function requires a Wormhole-authenticated message from the source chain contract. This check ensures that Wormhole-wrapped tokens are backed 1:1 by tokens in the source chain contract."

"The Guardians are also responsible for governing the Wormhole network. Upgrades to the protocol and contracts require a supermajority vote of Guardians."

"Chicago-based Jump Trading acquired Certus One, the developer behind Wormhole, in August [2021]."


The Reality

"Wormhole had a loophole... A hacker distorted the fabric of Solana's space-time, netting $326M in the process. How did Wormhole return so much ETH so fast?" "The Wormhole network lost about $320 million in cryptocurrency funds after a novel vulnerability was exploited on February 2."


"As software developer Matthew Garrett observed on Twitter, the code upload was described as if it were a run-of-the-mill version update but actually contained extensive changes — a fact that could have tipped off the attacker to the fact that it was a disguised security fix."

"Look commits that claim to just be a version number bump and which then actually contain code are a fucking *huge* red flag that this is a security critical fix that you don't want to admit to."

"Open-source code commits show that code that would have fixed this vulnerability was written as early as January 13th and uploaded to the Wormhole GitHub repository on the day of the attack. Just hours later, the vulnerability was exploited by the hacker, suggesting that the updates had not yet been applied to the production application."

"Apparently, the vulnerability had already been detected and fixed in the code that interoperates between wormhole and Solana, but the fix had not yet been deployed to wormhole. This allowed the attacker to exploit vulnerable, deprecated code to accomplish their theft. This is reassuring in one way (the problem had already been detected and addressed) but disturbing in another (despite the available fix, the vulnerability was not blocked)."


"Open-source code commits show that code that would have fixed this vulnerability was written as early as January 13th and uploaded to the Wormhole GitHub repository on the day of the attack. Just hours later, the vulnerability was exploited by the hacker, suggesting that the updates had not yet been applied to the production application."

What Happened

CoinDesk reports that Wormhole appears to have suffered a potential exploit, with on-chain analysts pointing to an 80,000 ETH transaction to an address holding over $250 million worth of ETH[38].

"On Feb 2, 2022, an attacker exploited a signature verification vulnerability in the Wormhole network to mint 120k Wormhole-wrapped Ether on Solana. These tokens were not backed by Ether deposits on the Ethereum side of the Portal bridge. The attacker then bridged 93,750 of these tokens to Ethereum, withdrawing the unwrapped Ether from the contract."

"The wormhole network was exploited for 120k wETH. ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly. We are working to get the network back up quickly. Thanks for your patience."

"[A] signature verification vulnerability was exploited. The perpetrator targeted wETH tokens on Solana that were not tied to Ethereum deposits, bridging them to Ether in order to steal them."


Wormhole, a bridge on the Solana network, was exploited by a hacker who managed to net $326 million. The attacker manipulated the bridge to credit 120,000 ETH as a deposit on Ethereum, allowing them to mint the equivalent in wrapped whETH (Wormhole ETH) on Solana. The exploit involved bypassing Wormhole's guardians, taking advantage of a discrepancy in the verification process, and fraudulently minting whETH. The hacker then bridged a portion of the stolen funds back to Ethereum, while liquidating the remaining whETH into USDC and SOL on Solana. The Wormhole team offered the hacker a bug bounty of $10 million to return the minted tokens, but there has been no response thus far. This incident highlights security concerns around cross-chain protocols and the risks associated with newer networks like Solana.[39]

The Wormhole token bridge facilitates transfers between Ethereum and Solana, suffered a security exploit resulting in the loss of 120,000 wETH tokens (worth $321 million). It is the largest crypto hack of 2022 so far and the second largest DeFi hack to date. The hacker minted wETH on Solana and then redeemed a portion of it for ETH on Ethereum. Some of the stolen funds were used to purchase other cryptocurrencies. The Wormhole team has offered a $10 million bug bounty for the return of the funds. There are concerns that the bridge to Terra may also be vulnerable[40][41].

Key Event Timeline - Wormhole Network Signature Validation Loophole
Date Event Description
February 2nd, 2022 8:19:15 AM MST Ethereum Test Transaction It appears that the attacker completes some sort of test transaction to wrap and transfer ethereum[42][43].
February 2nd, 2022 11:24:13 AM MST Unknown TBD
February 2nd, 2022 11:26:03 AM MST Ethereum Exploit Transaction The exploiter appears to transfer 10,000 ETH to themselves through the Wormhole smart contract[42][44].
February 2nd, 2022 11:48:48 AM MST Ethereum Exploit Transaction An on-chain transfer for 80,000 ethereum occurs from the Wormhole Smart contract to the exploiter's wallet[42][45].
February 2nd, 2022 2:13:31 PM MST Speculation of Solana Exploit According to a Twitter user nicknamed Robot Data, it "looks like the wormhole exploiter is wrecking havoc on the solana side too"[46]
February 2nd, 2022 2:30:52 PM MST CoinDesk Article Published CoinDesk reports that Wormhole appears to have suffered a potential exploit, with on-chain analysts pointing to an 80,000 ETH transaction to an address holding over $250 million worth of ETH[38]. The project's official Twitter confirmed the investigation of a potential exploit, leading to the bridge being temporarily unavailable[38]. The hacker also kept 40,000 ETH on Solana, raising concerns in DeFi circles as it could mean that bridged ETH to Solana is unbacked[38]. The Wormhole team has reportedly already reached out to the exploiter's Ethereum address, offering a $10 million bounty for returning the funds[38]. A total loss of 120,000 ETH was confirmed, and the team mentioned adding funds to backstop the wrapped ETH on Solana without specifying the source of the funds[38].
February 2nd, 2022 6:18:43 PM MST CoinTelegraph Article Published CoinTelegraph reports that the Wormhole token bridge, which facilitates transfers between Ethereum and Solana, suffered a security exploit resulting in the loss of 120,000 wETH tokens (worth $321 million). It is the largest crypto hack of 2022 so far and the second largest DeFi hack to date. The hacker minted wETH on Solana and then redeemed a portion of it for ETH on Ethereum. Some of the stolen funds were used to purchase other cryptocurrencies. The Wormhole team has offered a $10 million bug bounty for the return of the funds. There are concerns that the bridge to Terra may also be vulnerable. This incident highlights the security risks associated with token bridges and the need for robust security measures in the crypto ecosystem. [40][41]
February 3rd, 2022 9:07:00 AM MST Rekt Article Published Rekt reports that Wormhole, a bridge on the Solana network, was exploited by a hacker who managed to net $326 million[39][47]. The attacker manipulated the bridge to credit 120,000 ETH as a deposit on Ethereum, allowing them to mint the equivalent in wrapped whETH (Wormhole ETH) on Solana. The exploit involved bypassing Wormhole's guardians, taking advantage of a discrepancy in the verification process, and fraudulently minting whETH. The hacker then bridged a portion of the stolen funds back to Ethereum, while liquidating the remaining whETH into USDC and SOL on Solana. The Wormhole team offered the hacker a bug bounty of $10 million to return the minted tokens, but there has been no response thus far. This incident highlights security concerns around cross-chain protocols and the risks associated with newer networks like Solana.
May 26th, 2022 Whitehat Hall of Fame "The first custom-designed whitehat card was minted to whitehat Satya0x on May 26, 2022, to recog[n]ize his critical bug find in Wormhole, for which he received a $10 million payment. That figure is currently the largest bug bounty ever paid out in history. You can read more details about how he responsibly disclosed that bug here."[48]

Technical Details

On-chain transaction: [42][43][44][45]


"On Feb 2, 2022, an attacker exploited a signature verification vulnerability in the Wormhole network to mint 120k Wormhole-wrapped Ether on Solana. These tokens were not backed by Ether deposits on the Ethereum side of the Portal bridge. The attacker then bridged 93,750 of these tokens to Ethereum, withdrawing the unwrapped Ether from the contract."


"Wormhole had a loophole... A hacker distorted the fabric of Solana's space-time, netting $326M in the process. How did Wormhole return so much ETH so fast?" "The Wormhole network lost about $320 million in cryptocurrency funds after a novel vulnerability was exploited on February 2."

"The Wormhole hack exploited vulnerabilities in a novel element of crypto technology known as a cross-chain bridge, which allows investors to switch back and forth between digital currencies built on separate blockchains. Some DeFi platforms facilitate these conversions to help people capitalize on trading opportunities; a trader who owns lots of Ether, for example, might want to use an application on another currency’s blockchain without having to sell the Ether and buy the other currency." "This Meter hack took the shape of the previous Wormhole breach some days ago. In the attack, the hackers stole more than $320 million in wETH."


"[A] signature verification vulnerability was exploited. The perpetrator targeted wETH tokens on Solana that were not tied to Ethereum deposits, bridging them to Ether in order to steal them."

“The theft was allowed because of a rather common programming error. The function inside of the multiple nested smart contracts which was supposed to verify the signature was not coded to ensure the integrity check actually happened. So there was no integrity guaranteed in the integrity check.”

"The hackers pulled off the theft by using an earlier transaction to create a signatureset, which is a type of credential. With this, they created a VAA, or validator action approval, which is essentially a certificate needed for approving transactions."

"In a nutshell, the attacker forged the signature on a transaction in wormhole, then submitted the invalid transaction to the Solana (CRYPTO:SOL) network as a valid one, which allowed the fraudulent minting of a large number of ETH tokens on the Solana network. They then transferred many of those tokens to a digital wallet on the Ethereum network."


"Apparently, the vulnerability had already been detected and fixed in the code that interoperates between wormhole and Solana, but the fix had not yet been deployed to wormhole. This allowed the attacker to exploit vulnerable, deprecated code to accomplish their theft. This is reassuring in one way (the problem had already been detected and addressed) but disturbing in another (despite the available fix, the vulnerability was not blocked)."

"Open-source code commits show that code that would have fixed this vulnerability was written as early as January 13th and uploaded to the Wormhole GitHub repository on the day of the attack. Just hours later, the vulnerability was exploited by the hacker, suggesting that the updates had not yet been applied to the production application."


"There has been a lot of confusion however how the Wormhole hack had happened. I want to [summarize] and explain how the hack worked, for non-technical audiences. To create wETH on their chain, Solana checks that there is a valid signature, and that the signature comes from a Guardian. Proper usage means there is a valid signature (Correct) from a guardian (Correct). These two conditions match, and so request is approved. They expected an attacker would issue an invalid signature (Incorrect) from a guardian (Correct). These two conditions do not match, so the request is denied. The hack The attacker issued an invalid signature (Incorrect) from a non-guardian (Incorrect). **But these conditions match: incorrect matches incorrect**. So the request is APPROVED (!!) and the ETH was stolen on the Solana network. The Ethereum network successfully processed a withdraw, because Solana told Ethereum "it's all good, this is legit", but Solana's logic for determining whether it is good was flawed."


"The stolen funds consisted of 120,000 wrapped Ether (wETH), a form of standardized token that represents a variety of cryptocurrency types and allows them to be traded directly. It is unclear where the funds the victims were reimbursed with came from, but Wormhole has pledged to back wETH one-for-one with the Ethereum network’s Ether coin going forward."

"The hacker then exchanged 93,750 wETH for Ethereum and changed the remainder for Solana, which they've left untouched in their Solana wallet."

"Due to the nature of cross-chain applications, the attack temporarily left a huge deficit between the amount of wrapped Ethereum and regular Ethereum held in the Wormhole bridge."

Speculation About Solana Hack

According to a Twitter user nicknamed Robot Data, it "looks like the wormhole exploiter is wrecking havoc on the solana side too"[46]

[49]

Total Amount Lost

The total amount lost has been estimated at $321,942,000 USD.

"The stolen funds consisted of 120,000 wrapped Ether (wETH), a form of standardized token that represents a variety of cryptocurrency types and allows them to be traded directly. It is unclear where the funds the victims were reimbursed with came from, but Wormhole has pledged to back wETH one-for-one with the Ethereum network’s Ether coin going forward."

"The hacker then exchanged 93,750 wETH for Ethereum and changed the remainder for Solana, which they've left untouched in their Solana wallet."

Immediate Reactions

"In a tweet, the project’s official Twitter handle confirmed that the bridge is currently down while the team investigates a potential exploit, and the official website simply reads, “Portal is Temporarily Unavailable.”

Protocol Taken Offline

"[A] post from the Wormhole Twitter account announced that the network was being taken “down for maintenance” while a potential exploit was investigated. A later post from Wormhole confirmed the hack and the amount stolen."

"The wormhole network is down for maintenance as we look into a potential exploit. We will provide updates here as soon as we have them. Thank you for your patience."


"The stolen funds consisted of 120,000 wrapped Ether (wETH), a form of standardized token that represents a variety of cryptocurrency types and allows them to be traded directly. It is unclear where the funds the victims were reimbursed with came from, but Wormhole has pledged to back wETH one-for-one with the Ethereum network’s Ether coin going forward."

"The hacker then exchanged 93,750 wETH for Ethereum and changed the remainder for Solana, which they've left untouched in their Solana wallet."


"To prevent further exploits, Wormhole node operators temporarily stopped relaying messages from on-chain contracts, then upgraded the contract to fix the vulnerability."

"Jump Crypto has recapitalized the contract to ensure that all Wormhole-wrapped Ether on every chain is fully backed. The Wormhole network is back online and fully operational as of 13:29 UTC, Feb 3, 2022. The total duration of the incident was approximately 16 hours."

Bug Bounty For Attacker

"Certus One contacted the hacker(s) as soon as the software problem was fixed, offering them a $10 million bug bounty if they work collaboratively to restore the stolen ETH. There is also a $10 million reward available to anyone else who can provide details that lead to the arrest and conviction of the hacker."

"Similar to previous large-scale DeFi hacks, potential victims and donation-seekers have begun to send the hacker on-chain messages through Ethereum transactions. These have ranged from small transfers of worthless tokens or those seeking donations using blockchain names such as “hackerplsdonate.eth” to get the hacker’s attention. One individual claimed to have lost $100,000 in the hack."

Ultimate Outcome

"Wormhole says that the vulnerability has been patched and that all funds have been restored, and that the project will be backing funds one-for-one with Ether going forward." "This incident was deeply problematic, since it resulted in exploitation and financial losses to the company that released the software, but investor funds have been restored."


"The wormhole network was exploited for 120k wETH. ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly. We are working to get the network back up quickly. Thanks for your patience."


"The company is also offering a bounty of $10 million for information leading to the arrest of the responsible party or recovery of the stolen funds, and has announced that it will be launching an ongoing bug bounty program on Immunefi sometime this month that will offer maximum bounties of $3.5 million for disclosure of new vulnerabilities."

"A $10,000,000 reward is offered for any information leading to the arrest and conviction of those responsible for the hack of Wormhole on February 2, 2022, or the recovery of the stolen assets. The $10,000,000 whitehat offer remains open for the timely return of the funds."


"As hacks go, this one was handled quickly, and because the ETH tokens were replaced by Jump Trading, no investor funds were lost."

The project's official Twitter confirmed the investigation of a potential exploit, leading to the bridge being temporarily unavailable[38]. The hacker also kept 40,000 ETH on Solana, raising concerns in DeFi circles as it could mean that bridged ETH to Solana is unbacked[38]. The Wormhole team has reportedly already reached out to the exploiter's Ethereum address, offering a $10 million bounty for returning the funds[38]. A total loss of 120,000 ETH was confirmed, and the team mentioned adding funds to backstop the wrapped ETH on Solana without specifying the source of the funds[38].

Whitehat Hall of Fame

ImmuneFi made the decision in May 2022 to feature the whitehat hacker in their hall of fame on their website[48].

The first custom-designed whitehat card was minted to whitehat Satya0x on May 26, 2022, to recog[n]ize his critical bug find in Wormhole, for which he received a $10 million payment. That figure is currently the largest bug bounty ever paid out in history. You can read more details about how he responsibly disclosed that bug here.

The whitehat card legend for the Satya0x card, left to right:

  • Summoner: Well-written bug report
  • Skull: Project could have been devastated by this bug
  • Impact of attack: 9
  • Ease of Defense: 2

Total Amount Recovered

There do not appear to have been any funds recovered in this case.


"As hacks go, this one was handled quickly, and because the ETH tokens were replaced by Jump Trading, no investor funds were lost."

"The wormhole network was exploited for 120k wETH. ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly. We are working to get the network back up quickly. Thanks for your patience."

Ongoing Developments

What parts of this case are still remaining to be concluded?


"Wormhole says that the vulnerability has been patched and that all funds have been restored, and that the project will be backing funds one-for-one with Ether going forward." "This incident was deeply problematic, since it resulted in exploitation and financial losses to the company that released the software, but investor funds have been restored."


"Certus One contacted the hacker(s) as soon as the software problem was fixed, offering them a $10 million bug bounty if they work collaboratively to restore the stolen ETH. There is also a $10 million reward available to anyone else who can provide details that lead to the arrest and conviction of the hacker."

"The company is also offering a bounty of $10 million for information leading to the arrest of the responsible party or recovery of the stolen funds, and has announced that it will be launching an ongoing bug bounty program on Immunefi sometime this month that will offer maximum bounties of $3.5 million for disclosure of new vulnerabilities."

"A $10,000,000 reward is offered for any information leading to the arrest and conviction of those responsible for the hack of Wormhole on February 2, 2022, or the recovery of the stolen assets. The $10,000,000 whitehat offer remains open for the timely return of the funds."

Individual Prevention Policies

Individuals need to exercise care in ensuring that funds are only stored with platforms that have undergone proper validation for security. The majority of funds should be stored securely offline.

Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.

Store the majority of funds offline. By offline, it means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc...

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Further validation prior to launch would likely have caught the issue. (In fact, it was known already at the time of the exploit.) While a platform is still under development, most funds could be stored in a multi-signature treasury, limiting the amount which would be able to be stolen. An industry insurance fund could be effective at providing relief for victims.

All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.

All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

Further validation prior to launch would likely have caught the issue. (In fact, it was known already at the time of the exploit.) An industry insurance fund could be effective at providing relief for victims.

All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. https://www.cpomagazine.com/cyber-security/defi-project-hacked-for-320-million-in-crypto-wormhole-network-compromised-by-previously-unknown-vulnerability/ (Feb 15, 2022)
  2. Wormhole Incident Report 02 02 22 (Feb 15, 2022)
  3. Explorer | Solana (Feb 15, 2022)
  4. https://coinmarketcap.com/currencies/ethereum/historical-data/ (Dec 21, 2021)
  5. The Wormhole Hack Was a Close Call for Investors | The Motley Fool (Feb 15, 2022)
  6. Cryptocurrency platform Wormhole restores funds after suffering $320 million hack - CBS News (Feb 15, 2022)
  7. @wormholecrypto Twitter (Feb 15, 2022)
  8. https://www.cnbc.com/video/2022/02/07/wormhole-network-hack-named-fourth-biggest-crypto-hack-of-all-time.html (Feb 15, 2022)
  9. Wormhole cryptocurrency platform hacked for $325 million after error on GitHub - The Verge (Feb 15, 2022)
  10. @wormholecrypto Twitter (Feb 15, 2022)
  11. @mjg59 Twitter (Feb 15, 2022)
  12. Jump Trading replaces stolen Wormhole funds after $320 mln crypto hack | Reuters (Feb 15, 2022)
  13. @JumpCryptoHQ Twitter (Feb 15, 2022)
  14. $325 Million Stolen from Wormhole DeFi Service (Feb 15, 2022)
  15. Crypto Bridge Wormhole Replenished After Hack for $320M in Ethereum - Decrypt (Feb 15, 2022)
  16. Solscan (Feb 15, 2022)
  17. @samczsun Twitter (Feb 15, 2022)
  18. How $323M in crypto was stolen from a blockchain bridge called Wormhole | Ars Technica (Feb 15, 2022)
  19. https://fortune.com/2022/02/03/hackers-steal-320-million-crypto-wrapped-ether-wormhole-defi-project/ (Feb 15, 2022)
  20. Wormhole Network Hack Named Fourth Biggest Crypto Hack of All Time (Feb 15, 2022)
  21. Crypto Worth Over $320 Million Taken in Wormhole Hack (Feb 15, 2022)
  22. Calling a Hack an Exploit Minimizes Human Error (Mar 10, 2022)
  23. Wormhole Network Faces Exploit, Loses $216 Million to Hackers - CoinQuora (Mar 20, 2022)
  24. Technology of the future : Buttcoin (Mar 23, 2022)
  25. Solana Suffers Dip Following $322M Wormhole Hack - Crypto Briefing (Mar 23, 2022)
  26. https://coin.fyi/news/solana/here-s-how-98k-eth-was-stolen-on-solana-explained-like-you-re-five-sj7ba7 (Mar 23, 2022)
  27. Ethereum [ETH]: Here's How 98k ETH Was Stolen On Solana, Explained Like You're Five - PumpDumpCoin.com (Mar 23, 2022)
  28. Here's how 98k ETH was stolen on Solana (Mar 23, 2022)
  29. Solana's Wormhole bridge gets hacked for $200 million (80K ETH) | CryptoSlate (Mar 23, 2022)
  30. The $320m Wormhole hack was "replenished" by Jump Capital, an institutional trading desk/market maker (similar to Citadel) without any questions. This shows the entire Solana ecosystem is just a sham propped up by institutional entities : Cry... (Oct 12, 2022)
  31. The Crypto World Is on Edge After a String of Hacks - The New York Times (Nov 30, 2022)
  32. Wormhole Hack: Lessons From The Wormhole Exploit (Nov 30, 2022)
  33. Timeline of Cyber Incidents Involving Financial Institutions - Carnegie Endowment for International Peace (Dec 12, 2022)
  34. https://wormholenetwork.com/ (Feb 15, 2022)
  35. https://wormholenetwork.com/buidl/ (Feb 15, 2022)
  36. Introduction - Wormhole (Feb 15, 2022)
  37. The Wormhole Crypto Network Explained - YouTube (Feb 15, 2022)
  38. 38.0 38.1 38.2 38.3 38.4 38.5 38.6 38.7 38.8 38.9 Blockchain Bridge Wormhole Suffers Possible Exploit Worth Over $326M - CoinDesk (Jan 9, 2023)
  39. 39.0 39.1 Rekt - Wormhole - REKT (Feb 8, 2022)
  40. 40.0 40.1 Wormhole token bridge loses $321M in largest hack so far in 2022 - CoinTelegraph (Feb 14, 2022)
  41. 41.0 41.1 Wormhole token bridge loses $321M in largest hack so far in 2022 - CoinTelegraph Archive February 2nd, 2022 6:22:43 PM MST (Jul 14, 2023)
  42. 42.0 42.1 42.2 42.3 Attacker's Wallet Transactions - EtherScan (Nov 16, 2023)
  43. 43.0 43.1 Attacker Test Transaction - Etherscan (Nov 16, 2023)
  44. 44.0 44.1 Transfer of 10,000 ETH From Wormhole Smart Contract to the exploiter - EtherScan (Nov 16, 2023)
  45. 45.0 45.1 Transfer of 80,000 ETH From The Wormhole Smart Contract To The Exploiter - EtherScan (Nov 16, 2023)
  46. 46.0 46.1 Robot Dad - "Okay this is too interesting to stay away. Looks like the wormhole exploiter is wrecking havoc on the solana side too." - Twitter Archive February 2nd, 2022 2:13:31 PM MST (Nov 16, 2023)
  47. RektHQ - "Wormhole had a loophole… A hacker distorted the fabric of Solana's space-time, and netted $326M in the process. Less than 24 hours later, and the funds have been replaced. Where did @Wormholecrypto find $326M?" - Twitter (Jul 14, 2023)
  48. 48.0 48.1 Whitehat Hall of Fame - ImmuneFi (Jan 10, 2023)
  49. Linked Solana Transaction Speculated To Be Related - SolScan (Nov 16, 2023)

Cite error: <ref> tag with name "cryptopolitan-6431" defined in <references> is not used in prior text.