{"id":6955,"date":"2022-02-05T01:31:44","date_gmt":"2022-02-05T01:31:44","guid":{"rendered":"http:\/\/egrowonline.com\/?p=6955"},"modified":"2022-02-05T01:31:44","modified_gmt":"2022-02-05T01:31:44","slug":"wormhole-cryptotrading-company-turns-over-340000000-to-criminals-naked-security","status":"publish","type":"post","link":"http:\/\/egrowonline.com\/?p=6955","title":{"rendered":"Wormhole cryptotrading company turns over $340,000,000 to criminals \u2013 Naked Security"},"content":{"rendered":"<div>\n<p>To misquote (and, indeed, <a target=\"_blank\" href=\"https:\/\/www.gutenberg.org\/files\/98\/98-h\/98-h.htm#link2H_4_0001\" rel=\"nofollow noopener\">to mispunctuate<\/a>) Charles Dickens: <em>it was the best of blockchains; it was the worst of blockchains.<\/em><\/p>\n<p>This week, cryptocurrency company Wormhole lived up to its name by exposing an exploitable vulnerability that apparently allowed cybercriminals to run off with an eye-watering 120,000 Ether tokens.<\/p>\n<p>Assuming a conversion rate of 1 ETH = US$2800, that comes out at close to $340,000,000.<\/p>\n<p>You\u2019ll find mention of this cyberheist on Wormhole\u2019s Twitter feed (<a target=\"_blank\" href=\"https:\/\/twitter.com\/wormholecrypto\" rel=\"nofollow noopener\">@wormholecrypto<\/a>), under an apparently un-ironic heading that describes the company\u2019s business as:<\/p>\n<blockquote>\n<p>\u201cInteroperability protocol powering the seamless transfer of value and information across 7 high value chains with just one integration\u201d<\/p>\n<\/blockquote>\n<p>\u201cSeamless transfer\u201d indeed!<\/p>\n<h2>Let\u2019s rewrite history<\/h2>\n<p>As <a target=\"_blank\" href=\"https:\/\/www.elliptic.co\/blog\/325-million-stolen-from-wormhole-defi-service\" rel=\"nofollow noopener\">pointed out by Elliptic<\/a>, a company that offers blockchain analytics to assist with compliance, the Wormhole 
team tried the same trick that was used by cryptocoin company Poly Networks when it was <a target=\"_blank\" href=\"https:\/\/nakedsecurity.sophos.com\/2021\/08\/11\/hacker-grabs-600m-in-cryptocash-from-blockchain-company-poly-networks\/\" rel=\"noopener\">defrauded of more than $600,000,000<\/a> in August 2021.<\/p>\n<p>The company apparently asked the crooks nicely to give the money back, in a message embedded in the input data of a <a target=\"_blank\" href=\"https:\/\/etherscan.io\/tx\/0x2d8b7901bff18ae6abe1a50aebe44b70559f39ff357b21340843d368b9486859\" rel=\"nofollow noopener\">zero-value Ether transaction<\/a> sent to the criminals:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/nakedsecurity.sophos.com\/wp-content\/uploads\/sites\/2\/2022\/02\/wh-xaction-720.png\" alt=\"Etherscan view of the zero-value transaction, with its input data shown as hexadecimal\" width=\"720\" height=\"590\" class=\"aligncenter size-full wp-image-669296\" srcset=\"https:\/\/nakedsecurity.sophos.com\/wp-content\/uploads\/sites\/2\/2022\/02\/wh-xaction-720.png 720w, https:\/\/nakedsecurity.sophos.com\/wp-content\/uploads\/sites\/2\/2022\/02\/wh-xaction-720.png?resize=300,246 300w, https:\/\/nakedsecurity.sophos.com\/wp-content\/uploads\/sites\/2\/2022\/02\/wh-xaction-720.png?resize=85,70 85w\" \/><\/p>\n<p>Printing out the input data above as ASCII text instead of as hexadecimal codes reveals an apparent offer to redefine the criminals as bona fide researchers and pay out a $10,000,000 bug bounty\u2026<\/p>\n<p>\u2026if the crooks were to reveal the exploit they used:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/nakedsecurity.sophos.com\/wp-content\/uploads\/sites\/2\/2022\/02\/wh-text-720.png\" alt=\"The same input data decoded as ASCII text\" width=\"720\" height=\"124\" class=\"aligncenter size-full wp-image-669295\" srcset=\"https:\/\/nakedsecurity.sophos.com\/wp-content\/uploads\/sites\/2\/2022\/02\/wh-text-720.png 720w, https:\/\/nakedsecurity.sophos.com\/wp-content\/uploads\/sites\/2\/2022\/02\/wh-text-720.png?resize=300,52 300w, 
https:\/\/nakedsecurity.sophos.com\/wp-content\/uploads\/sites\/2\/2022\/02\/wh-text-720.png?resize=100,17 100w\" \/><\/p>\n<p>We\u2019re sure that anyone who thinks that ransomware payments should be illegalised \u2013 and there\u2019s a vocal minority who think they should \u2013 will be aghast at this sort of retrospective offer to \u201cgive the money back and we\u2019ll write the whole thing up (and off) as legitimate security research\u201d.<\/p>\n<p>Nevertheless, you can understand why a company in Wormhole\u2019s desperate position might make the offer, even if it\u2019s hard to imagine at first thought why crooks who had already \u2013 and apparently anonymously \u2013 made off with $340,000,000 would give up their anonymity in exchange for a fraction of the amount.<\/p>\n<p>In the Poly Networks hack, the ruse seemed to work: the alleged hacker or hackers did ultimately return most of the stolen funds, with Poly Networks referring to them as \u201cMr White Hat\u201d, telling them they could keep $500,000, and offering them a role as a security advisor to the business.<\/p>\n<h2>Thanks, but no thanks<\/h2>\n<p>This time, the cybercriminals don\u2019t seem to have come to the party.<\/p>\n<p>Instead, vaguely mysterious blockchain startup Jump Crypto seems to have, hmmm, jumped in with money of its own to backfill the third-of-a-billion-sized, ahhh, wormhole opened up by Wormhole\u2019s exploitable cryptocurrency code:<\/p>\n<div style=\"text-align:center\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">.<a target=\"_blank\" href=\"https:\/\/twitter.com\/JumpCryptoHQ?ref_src=twsrc%5Etfw\" rel=\"noopener\">@JumpCryptoHQ<\/a> believes in a multichain future and that <a target=\"_blank\" href=\"https:\/\/twitter.com\/wormholecrypto?ref_src=twsrc%5Etfw\" rel=\"noopener\">@WormholeCrypto<\/a> is essential infrastructure. That\u2019s why we replaced 120k ETH to make community members whole and support Wormhole now as it continues to develop.<\/p>\n<p>\u2014 Jump Crypto &#x1f9ac; (@JumpCryptoHQ) <a target=\"_blank\" href=\"https:\/\/twitter.com\/JumpCryptoHQ\/status\/1489301013408497666?ref_src=twsrc%5Etfw\" rel=\"noopener\">February 3, 2022<\/a><\/p>\n<\/blockquote>\n<\/div>\n<p>So, <a target=\"_blank\" href=\"https:\/\/twitter.com\/wormholecrypto\/status\/1489232008521859079\" rel=\"nofollow noopener\">according to Wormhole<\/a>, <em>\u201cAll funds have been restored and Wormhole is back up,\u201d<\/em> and, <em>\u201cThe team is working on a detailed incident report and will share it asap.\u201d<\/em><\/p>\n<p>Not a word about the disaster, however, on Wormhole\u2019s blog or website, which still leads unashamedly with the words <em>THE BEST OF BLOCKCHAINS<\/em> in giant text\u2026<\/p>\n<p>\u2026albeit with an unintentionally hyper-accurate strapline underneath in tiny characters: <em>\u201cMove 
information and value anywhere.\u201d<\/em><\/p>\n<h2>What to do?<\/h2>\n<p>As the saying goes, you couldn\u2019t make this stuff up.<\/p>\n<p>So, as we did after the Poly Networks hack, where customers\u2019 funds similarly vanished and later reappeared as if by magic, we\u2019ll leave you with some general cryptotrading advice, rather than anything specific to this incident:<\/p>\n<ul>\n<li><strong>If you\u2019re thinking of getting into the cryptocurrency scene, never invest more than you can afford to lose.<\/strong> And when we say \u201close\u201d, we mean \u201close everything\u201d, not merely \u201cfail to make any profit\u201d. There are more than 10,000 different cryptocoins currently in existence, many of which were kicked off by cash injections from early investors. Not all cryptocoins can or will follow the Bitcoin pattern of going from a few cents in value in 2010 to just under $40,000 each in February 2022. Even worse, some are unreconstructed scams in which the \u201ccreators\u201d of the cryptocoinage collect startup funds from early investors in what\u2019s known as an ICO (initial coin offering), only to run off without ever establishing a new cryptocurrency or trading site at all.\n<\/li>\n<li><strong>If you plan to buy and hold cryptocurrency, keep as much of it as you can offline in what\u2019s known as a cold wallet.<\/strong> A cold wallet keeps your private keys off the internet, typically in an encrypted file or on a dedicated hardware device that you store where you won\u2019t lose track of it, and that other people can\u2019t use unless they know your password or PIN. Be careful about entrusting too much of your investment to hot wallets, where your funds are held online by a third party such as an exchange or a cross-chain service like Wormhole, whom you have to trust completely, just so you can trade faster and more aggressively.\n<\/li>\n<\/ul>\n<p>We started by misquoting Mr Charles Dickens, so we\u2019ll end by reminding you that the quotation goes on to say, <em>\u201cIt was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity.\u201d<\/em><\/p>\n<p>Remember that trust is quick to evaporate precisely because it is supposed to take time to gain in the first place.<\/p>\n<hr style=\"margin-top:2em\" \/>\n\t\t\t<\/div>\n<p><a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/02\/04\/wormhole-cryptotrading-company-turns-over-340000000-to-criminals\/\">Source link<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>To misquote (and, indeed, to mispunctuate) Charles Dickens: it was the best of blockchains; it was the worst of blockchains. This week, cryptocurrency company Wormhole lived up to its name by exposing an exploitable vulnerability that apparently allowed cybercriminals to run off with an eye-watering 120,000 Ether tokens. 
Assuming a conversion rate of ETH1 = [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6956,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[39],"tags":[20,3956,4646,4647,1349,2395,4562],"class_list":["post-6955","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ico","tag-company","tag-criminals","tag-cryptotrading","tag-naked","tag-security","tag-turns","tag-wormhole"],"jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"http:\/\/egrowonline.com\/wp-content\/uploads\/2022\/02\/wh-1200.jpg","_links":{"self":[{"href":"http:\/\/egrowonline.com\/index.php?rest_route=\/wp\/v2\/posts\/6955","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/egrowonline.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/egrowonline.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/egrowonline.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/egrowonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6955"}],"version-history":[{"count":1,"href":"http:\/\/egrowonline.com\/index.php?rest_route=\/wp\/v2\/posts\/6955\/revisions"}],"predecessor-version":[{"id":6957,"href":"http:\/\/egrowonline.com\/index.php?rest_route=\/wp\/v2\/posts\/6955\/revisions\/6957"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/egrowonline.com\/index.php?rest_route=\/wp\/v2\/media\/6956"}],"wp:attachment":[{"href":"http:\/\/egrowonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6955"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/egrowonline.com\/index.php?r
est_route=%2Fwp%2Fv2%2Fcategories&post=6955"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/egrowonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6955"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}