Security News > 2022 > February > What your organization can learn from the $324 million Wormhole blockchain hack
Those following the tech world have probably heard about the recent hack of blockchain bridging service Wormhole that has amounted to the fourth-largest crypto theft, and second-largest De-Fi theft, ever.
In this particular case, the attacker exploited Wormhole in such a way that they were able to trick it into minting 120,000 wrapped ethereum on the Solana blockchain, most of which the attacker then moved to the ethereum blockchain.
It shut down to assess the problem, and with no recourse to recover its stolen funds Wormhole took to actually pleading with the attacker to return the stolen ethereum in exchange for a $10 million bug bounty.
The attacker has yet to accept the offer, and Wormhole was only able to restore its missing crypto thanks to the generosity of another crypto investment organization called Jump Trading, which said of its charitable giving that "We replaced 120k ETH to make community members whole and support Wormhole now as it continues to develop."
Using a series of blockchain transactions to insert fake credentials, the attacker was able to fool Wormhole into pulling sysvar instructions from fake ones they had created during Wormhole's signature verification process.
In short, the attacker exploited the fact that Wormhole didn't properly validate the accounts, giving the attacker the chance to insert their own fake commands that made it appear as if they had the authority to mint ethereum.