| | Low | Medium | High | Critical | Total |
|---|---|---|---|---|---|
| Not fixed | 14 | 1 | - | - | 15 |
| Fixed | 1 | - | - | - | 1 |
| Total | 15 | 1 | 0 | 0 | 16 |
Quick Summary

The Wormhole bridge was compromised by an attacker who bypassed the verification process and made away with 120,000 $WETH.

Details of the Exploit

1. The attacker minted 120,000 wETH on Solana: https://solscan.io/tx/2zCz2GgSoSS68eNJENWrYB48dMM1zmH8SZkgYneVDv2G4gRsVfwu5rNXtK5BKFxn7fSqX9BvrBc1rdPAeBEcD6Es
2. The attacker redeemed 93,750 wETH for ETH worth $254 million on Ethereum: https://etherscan.io/tx/0x24c7d855a0a931561e412d809e2596c3fd861cc7385566fd1cb528f9e93e5f14
3. The hacker used some of the funds to buy SportX ($SX), Meta Capital ($MCAP), Finally Usable Crypto Karma ($FUCK), and Bored Ape Yacht Club Token ($APE). Example transactions:
   - https://etherscan.io/tx/0x8ab3c4adab6d1a21ec1fcd7dc96523e7dada92d1373ee6919aa6b10b51ebe8d1
   - https://etherscan.io/tx/0x697869218add15e019f7a1904b7c3b435f9048ec3bcb9c84cf23e64916a41add
   - https://etherscan.io/tx/0x6f17f122dca10e9c894af3766d93e97c08f8925eb3a20b894b810edb3d029ed0
   - https://etherscan.io/tx/0x57a48345888cbfb2d442f272c6fd9d38f57f6f5608c00c4978860eea7dc927c
4. The remaining wETH was swapped for SOL and USDC on Solana. The hacker's Solana wallet currently holds 432,662 SOL ($44 million): https://solscan.io/account/CxegPrfn2ge5dNiQberUrQJkHCcimeR4VXkeawcFBBka#splTransfers

The issue was probably in the signature verification process, which allowed the attacker's call to go through unverified. Investors were made whole by Jump Trading, the parent company behind the Wormhole bridge, which replenished the stolen ETH.

Block Data Reference

The attacker's addresses:
- https://etherscan.io/address/0x629e7da20197a5429d30da36e77d06cdf796b71a
- https://solscan.io/account/CxegPrfn2ge5dNiQberUrQJkHCcimeR4VXkeawcFBBka
| # | Name | Auditor | Date | Chains | Issues |
|---|---|---|---|---|---|
| 1 | Wormhole - Ethereum | CertiK | 2023/03/08 | Off-Chain (Private) | No active critical issues |
| 2 | pyth2wormhole - Governance | CertiK | 2022/12/13 | Off-Chain (Private) | No active critical issues |
| 3 | pyth2wormhole - Solana | CertiK | 2022/12/13 | Off-Chain (Private) | No active critical issues |
| 4 | Pyth-client | CertiK | 2022/11/30 | Off-Chain (Private) | No active critical issues |