Security company CertiK has uncovered a $5 million security flaw in the cross-chain bridge known as Wormhole. The flaw was detected and prevented by CertiK’s research team, who identified a critical bug in Wormhole that could have led to multimillion-dollar losses. The bug was caused by an incorrect application of the public and entry modifiers, which left the blockchain vulnerable to exploitation.
In a social media post, CertiK explained how they detected the flaw in Wormhole and emphasized the importance of proactive security measures. They also highlighted the significance of open-source software in enhancing security and transparency within the Web3 community.
Wormhole is a platform that facilitates the transfer of tokens and data between different blockchain networks. Initially launched by Jump Trading Group, it has become one of the most widely used bridges connecting the Ethereum and Solana blockchains.
In 2022, Wormhole suffered a significant DeFi attack: hackers exploited the Wormhole Bridge, causing a loss of 120,000 wETH tokens worth approximately $321 million. The incident was identified as the largest DeFi attack of the year; the hacker exchanged the wETH tokens for Ethereum, SOL, USDC, APE, and SX, among others.
An investigation conducted by a pseudonymous researcher named Pland revealed that the Wormhole team had failed to exclude certain wallet addresses associated with the exploit. This oversight allowed the hackers to drain $321 million from the cross-chain bridge.
Chainalysis emphasized that understanding the severity of the 2022 attack requires understanding how cross-chain bridges operate.
In April 2024, CertiK reported the lowest combined losses from crypto-related hacks and scams since 2021, with approximately $25.7 million lost to various exploits. This decline in hacks and scams was attributed to a decrease in flash loan attacks and critical private hacks.