Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Bitcoin

Over $320 Million Stolen In Hack of Blockchain Platform Wormhole (cnet.com) 73

An anonymous reader quotes a report from CNET: Hackers have stolen more than $324 million in cryptocurrency from Wormhole, the developers behind the popular blockchain bridge confirmed Wednesday. The platform provides a connection that allows for the transfer of cryptocurrency between different decentralized-finance blockchain networks. Wormhole said in a series of tweets Wednesday afternoon that thieves made off with 120,000 wETH, or wrapped Ethereum, worth nearly $324 million at current exchange rates. The platform's network was also taken offline for maintenance. This is one of the largest crypto thefts of all time and the second-largest theft from a DeFi service, blockchain analysis firm Elliptic said in a statement. UPDATE: All $320 million in funds have been restored.
This discussion has been archived. No new comments can be posted.

Over $320 Million Stolen In Hack of Blockchain Platform Wormhole

Comments Filter:
  • Gee (Score:5, Insightful)

    by nagora ( 177841 ) on Thursday February 03, 2022 @08:05AM (#62233335)

    It's almost as if the whole concept of blockchain-as-currency is flawed.

    Your money is free from government interference. It's also free to thieves.

    • Re: (Score:2, Interesting)

      The problem is much more nuanced than that. Most of these blockchains, Solana, Ethereum, Polkadot - they are being developed by very smart, young coders like a startup company. The mantra "move fast and break things" is all over the place. It's about shipping early, being the first, and grabbing market share quickly, in the hopes of building momentum and winning the endgame. They are building these things like a social network.

      So most of this stuff is practically in Beta. In development and testing, and sec

      • Re:Gee (Score:4, Insightful)

        by Known Nutter ( 988758 ) on Thursday February 03, 2022 @08:51AM (#62233429)
        That's a lot of words to say that the whole concept is flawed.
      • Re:Gee (Score:4, Insightful)

        by Anonymous Coward on Thursday February 03, 2022 @09:25AM (#62233511)

        This is why I'm a fan of Cardano. As far as I'm concerned, Cardano is the only Layer-1 general purpose blockchain where grown-ups are in control and that is following due scientific process.

        Please. The entire concept of "smart" contracts is flawed from the ground up; Cardano is just as susceptible to bad contract code as any other cryptocurrency out there, and that code stays there in the blockchain, forever, once minted. It's not magic.

        The only reason you don't hear a lot about Cardano hacks is that no one really uses it.

        • Re: (Score:2, Informative)

          Please. The entire concept of "smart" contracts is flawed from the ground up; Cardano is just as susceptible to bad contract code as any other cryptocurrency out there, and that code stays there in the blockchain, forever, once minted. It's not magic.

          Mathematically verifiable code thanks to Haskell and functional programming. Some sources:
          https://medium.com/@cardano.fo... [medium.com]
          https://testnets.cardano.org/e... [cardano.org]
          https://iohk.io/en/blog/posts/... [iohk.io]

          The only reason you don't hear a lot about Cardano hacks is that no one really uses it.

          Cardano Ecosystem interactive map:
          https://www.cardanocube.io/car... [cardanocube.io]

          Any other FUD I can help you with?

          • by Anonymous Coward

            Haskell is Turing-complete, bub. The fact that it is a functional programming language makes no difference.

            • Haskell is Turing-complete, bub. The fact that it is a functional programming language makes no difference.

              You don't understand functional programming. Got it.
              By the way, pure functional programming as it works with Haskell is not the same as using Streams and Optional in Java.

              • by DarkOx ( 621550 )

                It does not matter actually. All that mathematically verifiable does gives is the ability to asset that unknowns states do not occur.

                It says absolutely nothing about your having correctly modeled real world. As an example lets say you provide some perfectly correct crypto-currency-blockchain interface modules that I use to build an ATM.

                I still have to do some stuff
                1) Check I have enough cash in the drawer
                2) transfer the coin from your wallet to mine
                3) dispense the cash/packaged cupcake/whatever

                There is sti

          • Re:Gee (Score:5, Insightful)

            by nagora ( 177841 ) on Thursday February 03, 2022 @11:17AM (#62233883)

            You seem very naive. I honestly can't say much more than that. Everything you've posted here boils down to "there's a magic solution". But there isn't.

            DOAs, crypo-currencies, NFTs. They're all scams. They might not have been designed as scams, but they have become so because of bad actors at every level of the process. Mathematically verifiable code just isn't relevant to the problem. Greed is the problem and Haskell doesn't have a function for that.

      • Re:Gee (Score:5, Insightful)

        by lilTimmy ( 6807660 ) on Thursday February 03, 2022 @09:26AM (#62233515)
        That's a lot of words to basically do an advertisement. That's why I use Cardano, 9 out of 10 doctors agree that Cardano will reduce the effects of again and bring a spring back to your step. Cardano, doctor approved, mother loved.
        • Advertisements are typically based on fantasies. I own ADA, Cardano's native currency, and I promote Cardano where appropriate, because I am convinced that it is the most advanced blockchain and because I see all of the benefits that such a system can bring to societies. I'm a computer scientist and I'm also speaking from first hand experience, having dabbled in various blockchains.
          If you have to be cynical about people speaking their mind and expressing their convictions, so be it.

          • Re:Gee (Score:5, Insightful)

            by nagora ( 177841 ) on Thursday February 03, 2022 @11:20AM (#62233887)

            Advertisements are typically based on fantasies. I own ADA, Cardano's native currency, and I promote Cardano where appropriate, because I am convinced that it is the most advanced blockchain and because I see all of the benefits that such a system can bring to societies.

            Name one.

            • If you're really interested, you could start with this:
              https://www.youtube.com/watch?... [youtube.com]

              Then if you want to go deeper:
              https://www.youtube.com/watch?... [youtube.com]

              • Didn't watch either video, but the first is a 2014 TED talk about how blockchain is "about to revolutionise property rights, banking, remote education, private law and crowd-funding for the developing world". Still waiting...
              • by nagora ( 177841 )

                I'll have a watch over the weekend but fundamentally the thing that is missed, and I don't expect either of those videos to address it, is that the blockchain is a problem in its own right. Whatever goes in there, stays there. THAT is not a good thing in the face of abuse and fraud, not to mention blackmail and defamation.

                "Code is law" is another example. That's a bad idea in a world full of incompetent coders - and no programming language will protect you from them. It's also a bad idea in a world of malic

          • by jythie ( 914043 )
            Kinda sounds like you are admitting it is flawed in the exact same ways as any other block chain, but has go faster stripes painted on it.
      • by DarkOx ( 621550 )

        Cardano has been moving slower than the other blockchains, but the track record speaks for itself. No hacks, no lost transactions, no lost funds, no restarts of the network.

        I don't think you can say that. People used to crow about how gnu/linux was so free of malware - turned out to have mostly to do with nobody was paying attention. Once it got big and took over the server space, the malware and hacks appeared.

        Ultimately theft and fraud are social problems and there will not be a technical solution to it. Even if they systems and software were prefect crypto coins will still be misappropriated through phishing and uttering the way the vast majority of wire and bank fraud o

        • I don't think you can say that. People used to crow about how gnu/linux was so free of malware - turned out to have mostly to do with nobody was paying attention. Once it got big and took over the server space, the malware and hacks appeared.

          True. Mostly due to nobody paying attention. HOWEVER, there was a bit of extra security due to the fact that Linux doesn't run users as ROOT by default. Windows, for most of its history, did exactly that.

          Windows was insecure by design. Linux was insecure (sometimes) due to bugs and programming errors. There is a difference.

          • That may have been accurate with windows 95/98, but WinNT based OSes have the same Non privileged user by default. There's also shit tons of warnings should you try to install unsigned (i.e. no paper trail) software. If the same users used *nix, there would be the same issues (they click yes to shady software)
            • That may have been accurate with windows 95/98, but WinNT based OSes have the same Non privileged user by default. There's also shit tons of warnings should you try to install unsigned (i.e. no paper trail) software. If the same users used *nix, there would be the same issues (they click yes to shady software)

              Bullshit. I ran Windows NT 4.0, XP, and Win 7. What was my user level? Administrator.. Just like 99.9% of the other fuckers on the planet using the same OS.

              Almost the ONLY time people ran those Operating Systems as a "regular user" was in shared computer situations. i.e Shared family PC where maybe Mom or Dad had the admin account and everybody else was a peon or on corporate networks.

      • >why do people place so much trust in these protocols?
        Part of it is people these days are hosed. The economic system failed to provide a job market where people actually get a worthwhile paycheck, so your choices are either to live way below your means, or grab any straw that gives any hope of financial freedom
        • by jythie ( 914043 )
          Which is how scams work in general. Find a group that is desperate, or believes it is desperate, and propose a magical solution that doesn't actually address any problems but promises to put them on the OTHER side of a broken system.
        • Part of it is people these days are hosed. The economic system failed to provide a job market where people actually get a worthwhile paycheck

          What a load of socialist bullshit.

          so your choices are either to live way below your means, or grab any straw that gives any hope of financial freedom

          Which is precisely what socialism does. FALSE HOPE.

          We could spend hours going over the legal / societal changes that have resulted in us being where we are now, but the socialist always takes the LAZY way out and blames the market and capitalism.

          These aren't simple problems that can be explained with simple word bites.

          One tiny example: Seattle hasn't approved the construction of a multi-family dwelling, inside city limits, in 20 years. I.e. In arguably one of the mo

          • I don't know what a socialist is because I don't namecall people as a form of argument. I was not specifically blaming the market or "capitalism", I was blaming the whole system, government, job market, the economy. To put it quite simply, my parents and their parents were able to buy a house and support a family at a fraction of the cost the current market asks for. I don't care who to blame or what name I choose to call someone, it wouldn't change that fact.

            In such an environment, as I said people are
            • I don't know what a socialist is because I don't namecall people as a form of argument.

              Point to where I called you ANYTHING. Anything at all.

              Socialism is a form of government/society. To define something as SOCIALIST is not name calling, you over-sensitive SNOWFLAKE (that's name calling).

              At best, you can claim that I called your WORDS "socialist bullshit".

              You're not an adult and you are not ready for adult discussions. Jesus H. Christ, you're one step above "Mommy! He's calling me mean names!!"

              Fuck off back to your basement.

              • Wow, did you forget to take your chill medicine? Yes, you were name calling *as a form of argument*.

                I explained in detail why people would fall for scams, your counter-argument was "SOCALIST". This is exactly how children argue, grown ups first off don't get angry over an internet discussion, and second don't care to label WORDS or PEOPLE. It adds NOTHING to the table.
              • It's true. You suddenly implied that he was socialist by making such arguments. Nobody even remotely mentioned socialism until you brought It up.
      • Re: (Score:3, Insightful)

        by Fly Swatter ( 30498 )
        According to the website: "Cardano is a blockchain platform for changemakers, innovators, and visionaries..." - So not for normal people.

        So it's not a currency, but you can stake them some money and earn 'interest'. Their tokens are called ADA - um the 'American with Disabilities Act'?

        The entire website is all buzzwords and feel good promises but no actual description of WHY I would want to use it or HOW it would benefit me over an already established financial system.

        If it is just getting started,
      • by tlhIngan ( 30335 )

        So most of this stuff is practically in Beta. In development and testing, and security and safety is not a primary goal. Most teams probably don't even have the right people to do things like security assessments, quality control, code audits, validation... they are not interested in that.

        So this is the sate of affairs. And yet people pour billions into these protocols that were developed in this manner. It's really no huge surprise there are hacks left and right. But the question is why do people place so

    • It's almost as if the whole concept of blockchain-as-currency is flawed.

      If something is worth stealing, then that means it has value. Mind you, some thieves are rather deficient in deciding what is worth risking their freedom. If they were really skilled at effort-free diversion of funds, they would be bankers.

      • If something is worth stealing, then that means it has value.

        Which has nothing to do with the overall concept of cryptocurrencies being flawed. All DVD copies of Gigli in the world have marginal value, but those would not serve well as currency either.

        PS, quoting this hack in US dollars is misleading. They took 120,000 ETH, not cash.

    • It's almost as if the whole concept of blockchain-as-currency is flawed.

      Your money is free from government interference. It's also free to thieves.

      How is that any different from cash?

      • by nagora ( 177841 )

        As was said by the AC, there are new and and special attack vectors with many Cyrptos. But additionally, it is very hard to undo errors because there is no authority and that is compounded by a lack of regulation. There is also zero privacy, so the transactions are not really free from government interference in the sense that everything you do can be traced forever if at any point identifying information gets into the blockchain (from where it can't be removed). And not just the government - anyone can loo

  • Stolen? (Score:5, Interesting)

    by Lisandro ( 799651 ) on Thursday February 03, 2022 @08:10AM (#62233343)

    Looks to me the Solana smart contracts for Wormhole worked exactly as programmed. Code is law, right? Also, i'm presuming no exchanges will reject trades with these tokens? You know, with decentralization and all.

    Anyway, the timing for this "hack" is super weird. It happened an hour after Wormhole submitted a fix for the vulnerability used in the exploit [github.com], but before that change actually materialized in tokens - which could very well mean an inside job.

    • Re:Stolen? (Score:4, Interesting)

      by AmiMoJo ( 196126 ) on Thursday February 03, 2022 @09:05AM (#62233463) Homepage Journal

      The thief was probably watching various repos for commits related to security, and as soon as they saw that one they exploited it before the fix was deployed to production. Rookie mistake there.

      They have offered the thief $10m for the return of the currency. Seems risky, as they will need to provide some contact details to get the cash. Better off just laundering it with NFTs I think.

      • Honestly, i don't think this is an exploit you can engineer in a couple hours.

        • It can be exploited pretty quickly when the vulnerability is intentionally included from the start. These aren't "hacks".

  • by smooth wombat ( 796938 ) on Thursday February 03, 2022 @08:23AM (#62233373) Journal

    Another hack of cryptocurrency.

    The fun never ends.

  • by Applehu Akbar ( 2968043 ) on Thursday February 03, 2022 @08:29AM (#62233379)

    It is as though a million ransomware operators were screaming Russian curses and hurling empty vodka bottles at their servers.

  • Quick! We need a new buzzword to remedy the situation!
  • by Tx ( 96709 )

    The $10 million bug bounty and white hat deal offered to the hacker if he returns the stolen coins seems like a good deal. Yes, it's a lot less than $325 million, but actually getting away with that amount without getting traced is not going to be that easy. I'd take the ten million free and clear.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Has the hacker broke any laws, or did he just hurt the Wormhole developers feelings? As someone noted above, the Solana smart contracts implemented by Wormhole worked exactly as designed.

      All the hacker needs is to go through a couple ETH tumblers and cash out now. Why would you turn your back on $315mil?

    • Re:Good deal (Score:4, Interesting)

      by DarkOx ( 621550 ) on Thursday February 03, 2022 @10:08AM (#62233659) Journal

      I don't think a twitter post is going to hold up in court as a contract. The theif has no reason to trust these people won't sue him anyway if he comes forward and makes the return. Not like people reporting vulns have never been gone after...

      Also its pure myth in most jurisdictions the victim has to 'press charges' a prosecutor could easily decided to go after the perp anyway even if he does return the property as requested. TBH I don't know why a prosecutor would not do so - do we want a precedent that you can go around doing what are basically electronic bank heists but as long as you give most of it back you get a nice little payday without consequence? - Sure I can see why the victim might prefer that outcome but is it in the public's interest?

  • by Ed_1024 ( 744566 ) on Thursday February 03, 2022 @08:58AM (#62233441)

    1. Set up crypto-something using other peoples money.
    2. Tell them you got hacked.
    3. Profit!!

    No need for a ??? step...

  • Now, now... (Score:5, Funny)

    by rantrantrant ( 4753443 ) on Thursday February 03, 2022 @09:29AM (#62233523)
    ...restrain yourselves. Don't gloat over crypto-bros & true believers getting fleeced so spectacularly. Try to show a little sympathy.
    • Slash dot recently had a long thread discussing the ethics of ridiculing people who engage the in inexcusably or willfully stupid behavior. About 90 percent of the commenter, myself included, felt that ridicule was often justified, for a variety of reasons. This situation definitely falls in that category.
    • Try to show a little sympathy.

      I think I am a fairly generous person regarding different views and ways of life, but I have serious difficulty sympathising with people coming to grief because of their greed. You may assume that my philosophy is not of the Gordon Gecko variety. I love a bit of schadenfreude in the afternoon, don't you?

  • Another day, another 'hack' that played by all the rules. web3 is going just great [web3isgoinggreat.com].

  • All of these DeFi problems are caused by people caught up in old paradigms and trying to drag tired old world concepts into the blockchain. With a proper trans-scarce intrinsic nil-value token like NADA [keybase.pub], you don't have to worry about anybody "stealing" because the blockchain defines ownership and the legal structure explicitly rejects off-chain concerns. And with trans-scarcity, it's easier to get over your losses. Trans-scarcity helps you to go beyond the idea that it matters if anybody else has more than
  • I can't seem to find a website that's aggregating all the cryptocurrency hacks, heists, and thefts that make the news. Do you know of a list?

    I'd like to see just how much has been lost in this totally-not-a-speculative-scam financial system.

    • by eepok ( 545733 )

      Of course, there's a Wiki page... https://en.wikipedia.org/wiki/... [wikipedia.org]

      Just looking at their exchange heist list and including the one in the Slashdot article above, we're looking at $6,176,500,000 of losses due to exchange hacks and heists since 2015.

  • Can you really say the money was "stolen"?

    If you leave a pile of money in your front yard overnight and wake to find it gone, I suppose it's technically stealing but, you do kinda deserve it for being so reckless.

    We need a new word to cover this. Maybe Darwinned?

It's currently a problem of access to gigabits through punybaud. -- J. C. R. Licklider

Working...