Wormhole Network exploiters have transferred $2.9 million USDC to a new ethereum (ETH) wallet based on a report by cryptosecurity site, Mistrack. More than 120,000 ETH were stolen in early February 2022 from the Wormhole, making it one of the largest thefts in cryptocurrency history.
A security flaw that cost millions of dollars
Wormhole was hacked when an attacker (or a group) made off with close to $325 million by exploiting a security flaw. The cause was an update in your GitHub repository. The update revealed a fix for a bug that had not yet been implemented.
On Wormhole’s Twitter, they confirmed that the hack occurred and gave the exact amount stolen.
The attacker used a valid signature to access a transaction on the solana (SOL) blockchain. This transaction allowed them to freely mint over 120,000 wrapped ethereum (wETH), equal to around $325 million at the time of writing.
The hackers transferred Wormhole funds before exchanging stolen ETH for around $250 million. This transaction liquidated the platform’s ETH held as collateral in solana and also forced a 10% drop in SOL prices.
Stablecoins under fire
The vulnerability allowed attackers to temporarily leave a large gap between regular and wETH at the Wormhole bridge.
Stablecoins were subsequently criticized by regulators as they have been hitting the broader financial market massively in recent years, the UST collapse being a prime example.
Regulators are concerned that digital currencies could have a negative impact on the traditional money market. Typically, when converting digital money to fiat money, issuers must sell their held assets. That means that a large portion of the US Treasury bills, held by Circle as a reserve for outstanding USDC, would have to be liquidated.
