Wormhole attackers transfer $2.9m USDC to a new wallet address months after hack
Wormhole Network exploiters have transferred $2.9m USDC to a new ethereum (ETH) wallet based on a report by crypto security site, Mistrack. Over 120,000 ETH were stolen in early February 2022 from Wormhole, making it one of the largest heists in crypto history.
A security flaw that cost millions of dollars
Wormhole was hacked when an attacker (or a group) made off with close to $325m by exploiting a security flaw. An update in their GitHub repository was the cause. The update revealed a fix for a bug that was yet to be deployed.
On Wormhole’s Twitter, they confirmed that the hack occurred and gave the exact amount stolen.
The attacker used a valid signature to access a transaction on the solana (SOL) blockchain. This transaction allowed them to freely mint over 120,000 wrapped ethereum (wETH), equivalent to around $325m as of writing.
The hackers transferred funds from Wormhole before swapping stolen ETH for around $250m. This transaction liquidated the platform’s ETH held as collateral on solana while also forcing a 10% drop in SOL’s prices.
Stablecoins under fire
The vulnerability allowed the attackers to temporarily leave a huge gap between the regular and the wETH in the Wormhole bridge.
Subsequently, stablecoins came under fire from regulators as they have been hugely affecting the broader financial market in recent years, with a prime example being the UST collapse.
Regulators are worried that digital currencies could negatively impact the traditional money market. Usually, when converting digital money to fiat money, issuers must sell their assets in reserve. That means a big chunk of U.S. Treasury bills, held by Circle as a reserve for USDC in circulation, would have to be liquidated.