Security Firm CertiK Detects $5M Security Flaw in Cross-Chain Bridge Wormhole

cryptonews.com:

Security firm CertiK said it has detected and prevented a flaw in the cross-chain bridge Wormhole which could have resulted in $5 million worth of losses.

In a social media post, CertiK said its research team found a critical bug in Wormhole — an incorrect application of the public and entry modifiers exposing the blockchain to potential multimillion-dollar exploits.

This case study not only underscores the critical role of proactive security practices but also celebrates the power of open source software in raising security and transparency standards across the Web3 world.

— CertiK (@CertiK) May 13, 2024

In a short video explainer, CertiK runs through how it detected the flaw in the network.  CertiK said this case study not only underscores the critical role of proactive security practices but also celebrates the power of open-source software in raising security and transparency standards across the Web3 world.

Wormhole supports the transfer of tokens and data across different blockchain networks. The crypto project was spun off by Jump Trading Group and is one of the most popular bridges linking the Ethereum and Solana blockchains.

In 2022, Wormhole lost about $321 million in an exploit. Hackers compromised Wormhole Bridge leading to 120,000 wETH loss from the platform, equivalent to $321 million. It was the largest DeFi attack of 2022 and the hacker swapped wETH tokens with Ethereum, SOL, USDC, APE, SX, etc.

An investigation conducted by pseudonymous researcher Pland, detailed in an X post on April 4th, revealed that the Wormhole team overlooked excluding several wallet addresses associated with the exploit that drained $321 million in crypto from the cross-chain bridge.

Chainalysis said to understand why the 2022 attack was