Over $320 Million Stolen In Hack of Blockchain Platform Wormhole (cnet.com)
An anonymous reader quotes a report from CNET: Hackers have stolen more than $324 million in cryptocurrency from Wormhole, the developers behind the popular blockchain bridge confirmed Wednesday. The platform provides a connection that allows for the transfer of cryptocurrency between different decentralized-finance blockchain networks. Wormhole said in a series of tweets Wednesday afternoon that thieves made off with 120,000 wETH, or wrapped Ethereum, worth nearly $324 million at current exchange rates. The platform's network was also taken offline for maintenance. This is one of the largest crypto thefts of all time and the second-largest theft from a DeFi service, blockchain analysis firm Elliptic said in a statement. UPDATE: All $320 million in funds have been restored.
Gee (Score:5, Insightful)
It's almost as if the whole concept of blockchain-as-currency is flawed.
Your money is free from government interference. It's also free to thieves.
Re: (Score:2, Interesting)
The problem is much more nuanced than that. Most of these blockchains, Solana, Ethereum, Polkadot - they are being developed by very smart, young coders like a startup company. The mantra "move fast and break things" is all over the place. It's about shipping early, being the first, and grabbing market share quickly, in the hopes of building momentum and winning the endgame. They are building these things like a social network.
So most of this stuff is practically in Beta. In development and testing, and sec
Re:Gee (Score:4, Insightful)
"they are being developed by very smart, young coders"
Knowing how to code does not make one "smart". These coders are obviously reckless and inexperienced, and not very smart.
"In development and testing, and security and safety is not a primary goal."
No shit, Sherlock. It's also not a smart thing to do when creating a system that handles hundreds of millions of easily stolen money. It directly led to this debacle.
The rest of your screed is just a commercial for some kind of crypto you're personally involved with. It's going to be hilarious when your crypto gets stolen. I wish I could see the look on your face when it does.
Re: (Score:3)
To add to this, there's a critical facet that is totally missed in talking about the fundamental problem: you don't need to 'hack' a coin to compromise. Organizations are doing 'custodial wallets' including sharing a common wallet amongst several people, tracking the proportional owners of each wallet off-ledger. If a crypto-currency is somehow flawless and perfect at its core technical level, doesn't matter because organizations will just set up convoluted schemes that will instead be at risk.
Like in 19
Re: (Score:2, Insightful)
You have to be smart to work in crypto. This is not easy stuff.
Now if they are wise, that is an entirely different question.
It's really impossible to have a sensible discussion about crypto on Slashdot without being overrun by the cynical anti-crypto mob and modded into oblivion. I don't know or understand why and when everyone became so cynical and hostile towards new ideas at the cutting edge of technology. Least of all on Slashdot. The supposedly "news for nerds" site. This place has changed so much, for
Re:Gee (Score:4, Insightful)
This is why I'm a fan of Cardano. As far as I'm concerned, Cardano is the only Layer-1 general purpose blockchain where grown-ups are in control and that is following due scientific process.
Please. The entire concept of "smart" contracts is flawed from the ground up; Cardano is just as susceptible to bad contract code as any other cryptocurrency out there, and that code stays there in the blockchain, forever, once minted. It's not magic.
The only reason you don't hear a lot about Cardano hacks is that no one really uses it.
Re: (Score:2, Informative)
Please. The entire concept of "smart" contracts is flawed from the ground up; Cardano is just as susceptible to bad contract code as any other cryptocurrency out there, and that code stays there in the blockchain, forever, once minted. It's not magic.
Mathematically verifiable code thanks to Haskell and functional programming. Some sources:
https://medium.com/@cardano.fo... [medium.com]
https://testnets.cardano.org/e... [cardano.org]
https://iohk.io/en/blog/posts/... [iohk.io]
The only reason you don't hear a lot about Cardano hacks is that no one really uses it.
Cardano Ecosystem interactive map:
https://www.cardanocube.io/car... [cardanocube.io]
Any other FUD I can help you with?
Re: (Score:1)
Haskell is Turing-complete, bub. The fact that it is a functional programming language makes no difference.
Re: (Score:1)
Haskell is Turing-complete, bub. The fact that it is a functional programming language makes no difference.
You don't understand functional programming. Got it.
By the way, pure functional programming as it works with Haskell is not the same as using Streams and Optional in Java.
Re: (Score:2)
Of course Haskell is Turing complete, otherwise it wouldn't be a real programming language. What's your point?
You're just throwing buzzwords around pretending you know what you're talking about. Troll someone else.
Re: (Score:2)
It does not matter actually. All that mathematically verifiable does is give the ability to assert that unknown states do not occur.
It says absolutely nothing about your having correctly modeled the real world. As an example, let's say you provide some perfectly correct crypto-currency-blockchain interface modules that I use to build an ATM.
I still have to do some stuff
1) Check I have enough cash in the drawer
2) transfer the coin from your wallet to mine
3) dispense the cash/packaged cupcake/whatever
There is sti
Re:Gee (Score:5, Insightful)
You seem very naive. I honestly can't say much more than that. Everything you've posted here boils down to "there's a magic solution". But there isn't.
DAOs, crypto-currencies, NFTs. They're all scams. They might not have been designed as scams, but they have become so because of bad actors at every level of the process. Mathematically verifiable code just isn't relevant to the problem. Greed is the problem and Haskell doesn't have a function for that.
Re:Gee (Score:5, Insightful)
Re: (Score:2)
Advertisements are typically based on fantasies. I own ADA, Cardano's native currency, and I promote Cardano where appropriate, because I am convinced that it is the most advanced blockchain and because I see all of the benefits that such a system can bring to societies. I'm a computer scientist and I'm also speaking from first hand experience, having dabbled in various blockchains.
If you have to be cynical about people speaking their mind and expressing their convictions, so be it.
Re:Gee (Score:5, Insightful)
Advertisements are typically based on fantasies. I own ADA, Cardano's native currency, and I promote Cardano where appropriate, because I am convinced that it is the most advanced blockchain and because I see all of the benefits that such a system can bring to societies.
Name one.
Re: (Score:2)
If you're really interested, you could start with this:
https://www.youtube.com/watch?... [youtube.com]
Then if you want to go deeper:
https://www.youtube.com/watch?... [youtube.com]
Re: (Score:3)
Re: (Score:3)
I'll have a watch over the weekend but fundamentally the thing that is missed, and I don't expect either of those videos to address it, is that the blockchain is a problem in its own right. Whatever goes in there, stays there. THAT is not a good thing in the face of abuse and fraud, not to mention blackmail and defamation.
"Code is law" is another example. That's a bad idea in a world full of incompetent coders - and no programming language will protect you from them. It's also a bad idea in a world of malic
Re: (Score:3)
Re: (Score:2)
Cardano has been moving slower than the other blockchains, but the track record speaks for itself. No hacks, no lost transactions, no lost funds, no restarts of the network.
I don't think you can say that. People used to crow about how gnu/linux was so free of malware - turned out to have mostly to do with nobody was paying attention. Once it got big and took over the server space, the malware and hacks appeared.
Ultimately theft and fraud are social problems and there will not be a technical solution to it. Even if the systems and software were perfect, crypto coins will still be misappropriated through phishing and uttering the way the vast majority of wire and bank fraud o
Re: (Score:2)
I don't think you can say that. People used to crow about how gnu/linux was so free of malware - turned out to have mostly to do with nobody was paying attention. Once it got big and took over the server space, the malware and hacks appeared.
True. Mostly due to nobody paying attention. HOWEVER, there was a bit of extra security due to the fact that Linux doesn't run users as ROOT by default. Windows, for most of its history, did exactly that.
Windows was insecure by design. Linux was insecure (sometimes) due to bugs and programming errors. There is a difference.
Re: Gee (Score:2)
Re: (Score:1)
That may have been accurate with windows 95/98, but WinNT based OSes have the same Non privileged user by default. There's also shit tons of warnings should you try to install unsigned (i.e. no paper trail) software. If the same users used *nix, there would be the same issues (they click yes to shady software)
Bullshit. I ran Windows NT 4.0, XP, and Win 7. What was my user level? Administrator. Just like 99.9% of the other fuckers on the planet using the same OS.
Almost the ONLY time people ran those Operating Systems as a "regular user" was in shared computer situations, i.e. shared family PC where maybe Mom or Dad had the admin account and everybody else was a peon, or on corporate networks.
Re: Gee (Score:3)
Part of it is people these days are hosed. The economic system failed to provide a job market where people actually get a worthwhile paycheck, so your choices are either to live way below your means, or grab any straw that gives any hope of financial freedom
Re: (Score:3)
Re: (Score:2)
Part of it is people these days are hosed. The economic system failed to provide a job market where people actually get a worthwhile paycheck
What a load of socialist bullshit.
so your choices are either to live way below your means, or grab any straw that gives any hope of financial freedom
Which is precisely what socialism does. FALSE HOPE.
We could spend hours going over the legal / societal changes that have resulted in us being where we are now, but the socialist always takes the LAZY way out and blames the market and capitalism.
These aren't simple problems that can be explained with simple word bites.
One tiny example: Seattle hasn't approved the construction of a multi-family dwelling, inside city limits, in 20 years. I.e. In arguably one of the mo
Re: (Score:2)
In such an environment, as I said people are
Re: (Score:2)
I don't know what a socialist is because I don't namecall people as a form of argument.
Point to where I called you ANYTHING. Anything at all.
Socialism is a form of government/society. To define something as SOCIALIST is not name calling, you over-sensitive SNOWFLAKE (that's name calling).
At best, you can claim that I called your WORDS "socialist bullshit".
You're not an adult and you are not ready for adult discussions. Jesus H. Christ, you're one step above "Mommy! He's calling me mean names!!"
Fuck off back to your basement.
Re: Gee (Score:2)
I explained in detail why people would fall for scams, your counter-argument was "SOCIALIST". This is exactly how children argue; grown-ups first off don't get angry over an internet discussion, and second don't care to label WORDS or PEOPLE. It adds NOTHING to the table.
Re: Gee (Score:2)
Re: (Score:3, Insightful)
So it's not a currency, but you can stake them some money and earn 'interest'. Their tokens are called ADA - um the 'American with Disabilities Act'?
The entire website is all buzzwords and feel good promises but no actual description of WHY I would want to use it or HOW it would benefit me over an already established financial system.
If it is just getting started,
Re: (Score:2)
Re: (Score:3)
It's almost as if the whole concept of blockchain-as-currency is flawed.
If something is worth stealing, then that means it has value. Mind you, some thieves are rather deficient in deciding what is worth risking their freedom. If they were really skilled at effort-free diversion of funds, they would be bankers.
Re: (Score:2)
If something is worth stealing, then that means it has value.
Which has nothing to do with the overall concept of cryptocurrencies being flawed. All DVD copies of Gigli in the world have marginal value, but those would not serve well as currency either.
PS, quoting this hack in US dollars is misleading. They took 120,000 ETH, not cash.
Re: (Score:2)
It's almost as if the whole concept of blockchain-as-currency is flawed.
Your money is free from government interference. It's also free to thieves.
How is that any different from cash?
Re: (Score:2)
As was said by the AC, there are new and special attack vectors with many Cryptos. But additionally, it is very hard to undo errors because there is no authority and that is compounded by a lack of regulation. There is also zero privacy, so the transactions are not really free from government interference in the sense that everything you do can be traced forever if at any point identifying information gets into the blockchain (from where it can't be removed). And not just the government - anyone can loo
Apropos name (Score:2)
Stolen? (Score:5, Interesting)
Looks to me the Solana smart contracts for Wormhole worked exactly as programmed. Code is law, right? Also, I'm presuming no exchanges will reject trades with these tokens? You know, with decentralization and all.
Anyway, the timing for this "hack" is super weird. It happened an hour after Wormhole submitted a fix for the vulnerability used in the exploit [github.com], but before that change actually materialized in tokens - which could very well mean an inside job.
Re:Stolen? (Score:4, Interesting)
The thief was probably watching various repos for commits related to security, and as soon as they saw that one they exploited it before the fix was deployed to production. Rookie mistake there.
They have offered the thief $10m for the return of the currency. Seems risky, as they will need to provide some contact details to get the cash. Better off just laundering it with NFTs I think.
Re: (Score:2)
Honestly, I don't think this is an exploit you can engineer in a couple hours.
Re: (Score:1)
It can be exploited pretty quickly when the vulnerability is intentionally included from the start. These aren't "hacks".
Another day (Score:3)
Another hack of cryptocurrency.
The fun never ends.
I sense a great disturbance in the Fraud... (Score:4, Funny)
It is as though a million ransomware operators were screaming Russian curses and hurling empty vodka bottles at their servers.
Quick! (Score:2)
Re: (Score:2)
Don't worry, there will certainly be a 'no true Scotsman' argument along any second about how this doesn't count as a crypto-currency problem.
Re: (Score:2)
Good deal (Score:2)
The $10 million bug bounty and white hat deal offered to the hacker if he returns the stolen coins seems like a good deal. Yes, it's a lot less than $325 million, but actually getting away with that amount without getting traced is not going to be that easy. I'd take the ten million free and clear.
Re: (Score:3, Insightful)
Has the hacker broken any laws, or did he just hurt the Wormhole developers' feelings? As someone noted above, the Solana smart contracts implemented by Wormhole worked exactly as designed.
All the hacker needs is to go through a couple ETH tumblers and cash out now. Why would you turn your back on $315mil?
Re:Good deal (Score:4, Interesting)
I don't think a Twitter post is going to hold up in court as a contract. The thief has no reason to trust these people won't sue him anyway if he comes forward and makes the return. Not like people reporting vulns have never been gone after...
Also, it's pure myth in most jurisdictions that the victim has to 'press charges'; a prosecutor could easily decide to go after the perp anyway even if he does return the property as requested. TBH I don't know why a prosecutor would not do so - do we want a precedent that you can go around doing what are basically electronic bank heists but as long as you give most of it back you get a nice little payday without consequence? - Sure I can see why the victim might prefer that outcome but is it in the public's interest?
Hmmm... (Score:3)
1. Set up crypto-something using other people's money.
2. Tell them you got hacked.
3. Profit!!
No need for a ??? step...
Now, now... (Score:5, Funny)
Re: Now, now... (Score:2)
Re: (Score:2)
Try to show a little sympathy.
I think I am a fairly generous person regarding different views and ways of life, but I have serious difficulty sympathising with people coming to grief because of their greed. You may assume that my philosophy is not of the Gordon Gekko variety. I love a bit of schadenfreude in the afternoon, don't you?
web3 is going just great (Score:2)
Another day, another 'hack' that played by all the rules. web3 is going just great [web3isgoinggreat.com].
It's an impedance mismatch (Score:2)
Is anyone tracking all these hacks and heists? (Score:2)
I can't seem to find a website that's aggregating all the cryptocurrency hacks, heists, and thefts that make the news. Do you know of a list?
I'd like to see just how much has been lost in this totally-not-a-speculative-scam financial system.
Re: (Score:2)
Of course, there's a Wiki page... https://en.wikipedia.org/wiki/... [wikipedia.org]
Just looking at their exchange heist list and including the one in the Slashdot article above, we're looking at $6,176,500,000 of losses due to exchange hacks and heists since 2015.
Is "Stolen" Really the Right Word? (Score:1)
If you leave a pile of money in your front yard overnight and wake to find it gone, I suppose it's technically stealing, but you do kinda deserve it for being so reckless.
We need a new word to cover this. Maybe Darwinned?