$320 milllion stolen from Wormhole crypto-trading platform | Malwarebytes Labs

In the world of networking “It’s always DNS” is the mantra. For crypto exploits it’s rapidly becoming “data validation”…:

[…] Wormhole Portal is a web-based application that allows users to convert one form of cryptocurrency into another. These portals are often referred to as blockchain bridges. Basically they use Ethereum smart contracts (computer code stored on a blockchain) to connect the input currency and the desired output currency.

The attacker is believed to have exploited this process to trick the Wormhole project into releasing Ether (ETH) and Solana (SOL) coins for a far greater value than their input value. Analysis by experts showed that the attacker created a guardian account by using information pointing back to an earlier, legitimate and much smaller, transaction.

The short version of what happened is easy. Wormhole didn’t properly validate all input accounts, which allowed the attacker to spoof guardian signatures and mint 120,000 ETH on Solana, of which they bridged 93,750 back to Ethereum.

[…]

Original Article