Connect with us

Hi, what are you looking for?

Economy

Security Firm CertiK Detects $5M Security Flaw in Cross-Chain Bridge Wormhole

Security firm CertiK said it has detected and prevented a flaw in the cross-chain bridge Wormhole which could have resulted in $5 million worth of losses.

In a social media post, CertiK said its research team found a critical bug in Wormhole — an incorrect application of the public and entry modifiers exposing the blockchain to potential multimillion-dollar exploits.

This case study not only underscores the critical role of proactive security practices but also celebrates the power of open source software in raising security and transparency standards across the Web3 world.

— CertiK (@CertiK) May 13, 2024

In a short video explainer, CertiK runs through how it detected the flaw in the network. CertiK said this case study not only underscores the critical role of proactive security practices but also celebrates the power of open-source software in raising security and transparency standards across the Web3 world.

Wormhole supports the transfer of tokens and data across different blockchain networks. The crypto project was spun off by Jump Trading Group and is one of the most popular bridges linking the Ethereum and Solana blockchains.

Wormhole Experienced the Largest DeFi Attack in 2022

In 2022, Wormhole lost about $321 million in an exploit. Hackers compromised Wormhole Bridge leading to 120,000 wETH loss from the platform, equivalent to $321 million. It was the largest DeFi attack of 2022 and the hacker swapped wETH tokens with Ethereum, SOL, USDC, APE, SX, etc.

An investigation conducted by pseudonymous researcher Pland, detailed in an X post on April 4th, revealed that the Wormhole team overlooked excluding several wallet addresses associated with the exploit that drained $321 million in crypto from the cross-chain bridge.

Chainalysis said to understand why the 2022 attack was more serious than the average hack, it is important to know how cross-chain bridges work.

“Users interact with cross-chain bridges by sending funds in one asset to the bridge protocol, where those funds are then locked into the contract. The user is then issued equivalent funds of a parallel asset on the chain the protocol bridges to. In the case of Wormhole, users typically send Ether (ETH) to the protocol, where it is held as collateral, and are issued WeETH on Solana, backed by that collateral locked in the Wormhole contract on Ethereum,” — Chainalysis: Lessons from the Wormhole Exploit.

April Sees Lowest Crypto Hacks Since 2021

April 2024 saw the lowest combined losses from crypto-related hacks and scams, with CertiK reporting approximately $25.7 million lost to exploits, hacks, and scams.

This latest figure marks the lowest recorded hacks since CertiK began tracking such incidents in 2021, as flash loan attacks and private critical hacks decreased.

The post Security Firm CertiK Detects $5M Security Flaw in Cross-Chain Bridge Wormhole appeared first on Cryptonews.

You May Also Like

Investing

Newmont (NYSE: NEM) reported mixed financial results even as the price of gold approached its all-time high. In all, the company’s earnings per share...

Investing

Fisker (NYSE: FSR) stock price has been one of the best-performing electric vehicle (EV) stocks this week even as Tesla slumped. The shares jumped...

Investing

NatWest (LON: NWG) share price rose sharply, helped by the strong results from Barclays. The stock jumped to a high of 274.8p, which was...

Investing

The Fox Corporation (NASDAQ: FOX) stock price has been under pressure as investors come to terms with the abrupt firing of Tucker Carlson. The...




Disclaimer: Oldamericanbroker.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the-company.


Copyright © 2024 Oldamericanbroker.com