This is a story about how a simple software bug enabled the fourth largest crypto heist in history.
Hackers stole more than $323 million in cryptocurrency by exploiting a vulnerability in Wormhole, a web-based service that enables cross-blockchain transactions. Wormhole allows people to move digital currencies linked to one blockchain to a different blockchain. These blockchain bridges are particularly useful for decentralized finance (DeFi) services that operate on two or more chains, often with very different protocols, rules, and processes.
A toothless guardian
Bridges use wrapped tokens, which lock tokens on one blockchain in a smart contract. After a decentralized cross-chain oracle called a “guardian” certifies that coins have been properly locked on one chain, the bridge mints or releases tokens of the same value on the other chain. Wormhole bridges the Solana blockchain with other blockchains including Avalanche, Oasis, Binance Smart Chain, Ethereum, Polygon, and Terra.
But what if you can’t trust the guardian? An extensive analysis posted on Twitter a few hours after the heist said that Wormhole’s back-end platform was unable to properly validate its guardian accounts. By creating a fake guardian account, the hacker or hackers behind the heist minted 120,000 ETH coins, worth approximately $323 million at the time of the transactions, on the Solana chain. The hackers then made a series of transfers that placed around 93,750 tokens in a private wallet stored on the Ethereum chain, blockchain analytics firm Elliptic said.
The hackers accomplished the theft by using a previous transaction to create a set of signatures, which is a type of credential. With this, they created a VAA, or Validator Action Approval, which is essentially a certificate needed to approve transactions.
“Once they had the fake ‘signature set,’ it was trivial to use it to generate a valid VAA and activate an unauthorized mint on their own account,” someone using the Twitter handle @samczsun wrote. “The rest is history. tl;dr: Wormhole failed to properly validate all input accounts, allowing the attacker to spoof the keepers’ signatures and mint 120,000 ETH on Solana, of which they connected 93,750 to Ethereum.”
tl;dr: Wormhole failed to properly validate all input accounts, allowing the attacker to spoof keepers’ signatures and mint 120,000 ETH on Solana, of which 93,750 connected back to Ethereum.
– samczsun (@samczsun) February 3, 2022
The theft is the fourth-largest crypto heist of all time, according to a Statista roundup, just behind the $480 million stolen from Mt. Gox in 2014, the $547 million stolen from Coincheck in 2018, and the $611 million stolen from Polynetwork last year (this record amount was later returned by the thief).
In 2021, cryptocurrency theft losses totaled $10.5 billion, according to Elliptic, compared to $1.5 billion the previous year.
A non-trivial challenge
The Wormhole hack took some blockchain security experts by surprise. The challenge of writing software that interacts safely with multiple chains is not trivial, and only a limited number of tools and techniques can test the robustness of the code.
“Bridge building inherits all the complexity of each blockchain,” Dan Guido, CEO of security firm Trail of Bits, said in a message. “They look deceptively simple, but they are actually among the most difficult codes to write.”
Compounding the difficulty, the hack came shortly after a change was made to some of the software involved.
“The bridge did not expect users to be able to send a signature set, as the change to facilitate that was recent in the Solana runtime,” Guido explained. “By submitting their own signature data, an attacker short-circuited a signature verification that allowed them to take possession of a large number of tokens.”
In an email, Dane Sherret, a solution architect at bug-reporting service HackerOne, explained it this way:
verify_signatures function that is supposed to take the cryptographic signatures of the gatekeepers and bundle them together. Despite its name, verify_signatures doesn’t actually verify itself, it uses the secp256k1 native program in Solana. The version of the solana program that Wormhole was using did not properly verify the address, allowing the hacker to create an account that could bypass all controls.
Through the steps above, the hacker was able to bypass the signature checks and get the ETH into Ethereum, which meant that over a period of time, some of the wETH [the wrapped ETH on Solana] wasn’t actually backed by anything.
This trick is hard to understand because it was started on the Solana blockchain, which uses the Rust programming language for its smart contracts. As Ethereum uses the Solidity programming language for its smart contracts, it is an example of how new networks, with different idiosyncrasies and different languages, now communicate with each other, making security even more difficult.
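The missing address check Sherret describes, as a toy Rust model. This is an added example, not Wormhole's or Solana's code; the account layout, the address strings, the quorum of 3 and every name other than verify_signatures are assumptions made for illustration.

```rust
// Toy model of the flaw described above. Added example: not Wormhole or Solana
// code, and every name and constant here is hypothetical.
use std::collections::HashSet;

/// Address where the trusted signature-check program's record is expected (made up).
pub const TRUSTED_RECORD_ADDR: &str = "TrustedSigCheckRecord";
/// Distinct guardian approvals required (constructed value).
pub const QUORUM: usize = 3;

/// Stand-in for an on-chain account: an address plus data the bridge reads.
pub struct Account {
    pub address: &'static str,
    /// Guardian indices this record claims were signature-checked.
    pub verified_guardians: Vec<u8>,
}

#[derive(Debug, PartialEq)]
pub enum BridgeError {
    UntrustedAccount,
    QuorumNotMet,
}

/// Flawed shape: trusts the record's contents without checking which account it is.
pub fn verify_signatures_unchecked(record: &Account) -> Result<(), BridgeError> {
    let distinct: HashSet<&u8> = record.verified_guardians.iter().collect();
    if distinct.len() >= QUORUM { Ok(()) } else { Err(BridgeError::QuorumNotMet) }
}

/// Hardened shape: validate the account's address before reading its data.
pub fn verify_signatures_checked(record: &Account) -> Result<(), BridgeError> {
    if record.address != TRUSTED_RECORD_ADDR {
        return Err(BridgeError::UntrustedAccount);
    }
    verify_signatures_unchecked(record)
}

/// Constructed input: an account at `address` whose data claims `n` guardians.
pub fn record_at(address: &'static str, n: u8) -> Account {
    Account { address, verified_guardians: (0..n).collect() }
}

fn main() {
    let lookalike = record_at("CallerCreatedAccount", 3);
    println!("unchecked: {:?}", verify_signatures_unchecked(&lookalike));
    println!("checked:   {:?}", verify_signatures_checked(&lookalike));
}
```

The data in the look-alike account is identical to a genuine record; only the address check distinguishes them, which is why the check has to come before any of the account's contents are read.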
Cross-chain applications also present other risks. Writing last month, Ethereum co-founder Vitalik Buterin warned that the “fundamental security limits of bridges” made them vulnerable to a different class of blockchain exploit known as a 51% attack.
Also known as a majority attack, a 51% attack allows a malicious party that obtains more than 50% of the hash power in a blockchain to reverse previously made transactions, block confirmation of new transactions, and change the order of new transactions. That opens the door to something known as double spending, a trick that allows the attacker to make two or more payments with the same currency tokens. Buterin wrote:
I don’t expect these problems to appear immediately. 51% attacking even a chain is difficult and expensive. However, the greater the use of cross-chain bridges and applications, the worse the problem. Nobody will 51% attack Ethereum just to steal 100 Solana-WETH (or, for that matter, 51% attack Solana just to steal 100 Ethereum-WSOL). But if there is 10 million ETH or SOL on the bridge, then the motivation to carry out an attack becomes much higher, and it is possible for large groups to coordinate to make the attack happen. So cross-chain activity has an anti-network effect: while it doesn’t happen much, it’s pretty safe, but the more it happens, the more the risks increase.
Meanwhile, the demand for blockchain interoperability continues to grow, likely making security challenges more vexing. Both Guido and Sherret advised bridge operators to take proactive steps to prevent similar attacks in the future. Such steps include completing multiple security audits and putting only limited functionality on network allow lists until developers are confident in a feature’s maturity and security.