Discover Geeks Academy’s articles on: Blockchain, Coding, Cybersecurity, Cloud, Big Data, Artificial Intelligence, Gaming, Digital Innovation
Over the past twenty years, the Web has evolved and its use has grown exponentially. As the number of users increases, so do the threats. The Internet has improved, as cyber attacks did: from malware to trojans to the timeless phishing scam, the methods are more or less still the same. If once it was a single individual who had to orchestrate and commit the crime, nowadays we talk about cyber-gangs, specialized and organized in various types of cyber hacks. One of the most affected technologies in recent years is the blockchain, indeed. According to an Elliptic report, Defi and the whole crypto market suffered losses of over $12 billion in 2020 and 2021, of which more than $10 billion were stolen over the past year. However, some of the thefts occur more due to negligence and oversight of the developers than to criminals’ acumen. Unfortunately, 2022 has also started under the sign of hacks and scams.
Wormhole
The Wormhole is a protocol which connects various blockchains, including Ethereum, Solana, Polygon, Terra, Avalanche, Fantom and others. Wormhole is therefore a bridge: bridges in crypto jargon are applications that allow the exchange of assets between different blockchains. What happens when we need to transfer a token or coin to a different blockchain? If I own 1 ETH on the Ethereum network and use the Wormhole bridge, I provide that specific asset as collateral, the protocol verifies that I own 1 ETH and freezes the asset on the sender blockchain; after the confirmation, Wormhole mints (i.e. creates) a version of Ethereum in a 1:1 ratio compatible with the recipient blockchain. At the end of the process I will get 1 wETH - wrapped Ethereum compatible with other EVM blockchains - in the previously picked recipient blockchain.
Millionaire theft
At the beginning of 2022, due to a smart contract vulnerability and the naivety of a developer, a hacker managed to steal 120,000 wETH worth $325,000 at the time of the theft. This has been happening for several reasons. The hacker managed to interact with the validation smart contract, faking that he was depositing large sums of ETH on the Ethereum network. However, the malicious user did not own any ETH, it was only able to exploit a flaw in Solana's VAA, Validation Action Approval. By exploiting the weakness of the VAA message, the cyber-criminal could mint (i.e. create) thousands of wETH without depositing anything on the Ethereum network. Beyond the cunning act, the scammer had even a lead to follow: on GitHub, where developers communicate updates and bug fixes about their applications, he became aware of a potential coding flaw. Apparently the Wormhole bridge update report was posted online before the update went live.
Cross-chain philosophy
The frantic rush to develop delicate and fundamental protocols such as bridges leaves room for human errors. Mistakes that cost millions for both businesses and consumers. The interoperability between many networks and being cross-chain as quickly as possible generate flaws in crucial areas, where malicious actors have the opportunity to enter easily inside the protocols and steal in a short time huge amounts of digital coins. Many managers and developers in the crypto space blame this crazy race for multi-chain expansion without the necessary time for the beta-testing process. The blockchain mass adoption is about ensuring a top notch security and protection for the infrastructure.
Cybersecurity threats
Cybersecurity sector has been constantly growing lately. Everyday cyber attacks are on the agenda. The latest researches present worrying statistics indeed:
- 94% of malwares is delivered via email.
- 85% of cybersecurity breaches are caused by human errors.
- A ransomware attack occurs every 10 seconds.
- Cybercrime's annual global losses are expected to reach $10.5 trilion by 2025.
Also, blockchain’s use cases are endless, and understanding the way to make this technology even more efficient is just the beginning.
Don't live the future as a sidekick... be a superhero! Discover Geeks Academy’s training offer in Cybersecurity & Cloud and Blockchain & Coding:
Cybersecurity vs Blockchain is an in-depth series about the most trending hacks in recent history. Below a comprehensive list of the ones we have been talking about:
Sources:
https://www.bankinfosecurity.com/how-cyber-attacks-are-evolving-a-5882
https://cryptobriefing.com/elliptic-estimates-12b-lost-to-defi-exploits/
https://www.theverge.com/2022/2/3/22916111/wormhole-hack-github-error-325-million-theft-ethereum-solana
https://decrypt.co/91899/hacker-steals-320-million-solana-ethereum-bridge-wormhole