Difference between revisions of "Wormhole (W)"

From CryptoWiki

m (1 revision imported)
Line 10: Line 10:
* From the [https://wormholecrypto.medium.com/introducing-wormhole-32b16d795c01 introduction post] (10-8-2021):
* From the [https://wormholecrypto.medium.com/introducing-wormhole-32b16d795c01 introduction post] (10-8-2021):


[[Chorus One]], [[Staked (Company)|Staked.us]], P2P Validator, triton.one, [[Certus One]], [[Everstake]], Chainode Tech, ChainLayer, Staking Fund, [[Dokia Capital|Dokia]], [[01node|01Node]], Moonlet, Inotel, [[Figment Networks|Figment]], [[Staking Facilities]], [[HashQuark]], Forbole, Syncnode and Smith MCF.
[[Chorus One]], [[Staked (Company)|Staked.us]], P2P [[Validator]], triton.one, [[Certus One]], [[Everstake]], Chainode Tech, ChainLayer, [[Staking]] Fund, [[Dokia Capital|Dokia]], [[01node|01Node]], Moonlet, Inotel, [[Figment Networks|Figment]], [[Staking Facilities]], [[HashQuark]], Forbole, Syncnode and Smith MCF.
==Audits & Exploits==
==Audits & Exploits==
*[[Bug bounty]] program can be found [insert here].
*[[Bug bounty]] program can be found [insert here].
===Bugs/Exploits===
===Bugs/Exploits===


* [https://rekt.news/wormhole-rekt/ From] [[Rekt]] (3-2-2022):
* Wormhole uninitialized proxy [https://medium.com/immunefi/wormhole-uninitialized-proxy-bugfix-review-90250c41a43a disclosed], $10 million bounty paid (21-5-2022).
 
*[https://rekt.news/wormhole-rekt/ From] [[Rekt]] (3-2-2022):


''"Minutes after [[samczsun]] pointed out that there was a problem, the Wormhole team stated that the network was simply “down for maintenance” whilst investigating a “potential exploit” The exploit was later [https://twitter.com/samczsun/status/1488974372756987906 addressed] directly, with a bold promise to restore the funds .Less than 24 hours later, and the backing has just [https://twitter.com/wormholecrypto/status/1489232008521859079 been restored].''
''"Minutes after [[samczsun]] pointed out that there was a problem, the Wormhole team stated that the network was simply “down for maintenance” whilst investigating a “potential exploit” The exploit was later [https://twitter.com/samczsun/status/1488974372756987906 addressed] directly, with a bold promise to restore the funds .Less than 24 hours later, and the backing has just [https://twitter.com/wormholecrypto/status/1489232008521859079 been restored].''


''The Wormhole was manipulated into crediting 120k [[Ethereum (ETH)|ETH]] as having been deposited on Ethereum, allowing for the hacker to mint the equivalent in [[Wrapped Tokens|wrapped]] whETH (Wormhole ETH) on Solana. 93,750 ETH was bridged back to Ethereum over the course of 3 transactions where it still [https://solscan.io/tx/2zCz2GgSoSS68eNJENWrYB48dMM1zmH8SZkgYneVDv2G4gRsVfwu5rNXtK5BKFxn7fSqX9BvrBc1rdPAeBEcD6Es remains] in the hacker’s [[wallet]]. The remaining ~36k whETH were liquidated on Solana into USDC and SOL."''
''The Wormhole was manipulated into crediting 120k [[Ethereum (ETH)|ETH]] as having been deposited on [[Ethereum]], allowing for the hacker to mint the equivalent in [[Wrapped Tokens|wrapped]] whETH (Wormhole ETH) on [[Solana]]. 93,750 ETH was [[bridged]] back to Ethereum over the course of 3 [[transactions]] where it still [https://solscan.io/tx/2zCz2GgSoSS68eNJENWrYB48dMM1zmH8SZkgYneVDv2G4gRsVfwu5rNXtK5BKFxn7fSqX9BvrBc1rdPAeBEcD6Es remains] in the hacker’s [[wallet]]. The remaining ~36k whETH were liquidated on Solana into [[USDC]] and SOL."''
[[Category:Companies/Organisations]]
[[Category:Companies/Organisations]]

Revision as of 09:25, 30 May 2022

Basics

Guardians

Chorus One, Staked.us, P2P Validator, triton.one, Certus One, Everstake, Chainode Tech, ChainLayer, Staking Fund, Dokia, 01Node, Moonlet, Inotel, Figment, Staking Facilities, HashQuark, Forbole, Syncnode and Smith MCF.

Audits & Exploits

Bugs/Exploits

  • Wormhole uninitialized proxy disclosed, $10 million bounty paid (21-5-2022).

"Minutes after samczsun pointed out that there was a problem, the Wormhole team stated that the network was simply “down for maintenance” whilst investigating a “potential exploit” The exploit was later addressed directly, with a bold promise to restore the funds .Less than 24 hours later, and the backing has just been restored.

The Wormhole was manipulated into crediting 120k ETH as having been deposited on Ethereum, allowing for the hacker to mint the equivalent in wrapped whETH (Wormhole ETH) on Solana. 93,750 ETH was bridged back to Ethereum over the course of 3 transactions where it still remains in the hacker’s wallet. The remaining ~36k whETH were liquidated on Solana into USDC and SOL."