Imagine committing one of the biggest robberies in history and still receiving tokens as a prize via airdrop. That’s exactly what happened to the hacker responsible for the attack on Wormhole, who stole US$321 million. The action took place in February 2022 and was the second biggest hacker attack in the history of cryptocurrencies.
Because with the launch of the W token, the address linked to the hacker was considered qualified to receive W tokens. According to network data, the attacker can claim a value of up to US$50,000 in W tokens. In other words, around R$ 250 thousand in current values.
Apparently, Wormhole had the means to block certain addresses from accessing the airdrop, but neglected the hacker’s wallet.
Invaded, stole and won
On April 3, Wormhole announced the airdrop of more than 675 million W tokens. The airdrop was successful, but the price of W dropped 14% this Friday (5). As a result, the value of the airdrop was around US$850,000.
A day later, a researcher going by the pseudonym Pland claimed that the Wormhole team neglected to delete certain wallet addresses. Among them were four wallets that appeared eligible to receive the tokens.
According to data from the Airdrop Link website, four wallet addresses were temporarily authorized to claim W tokens. However, CriptoFácil verified the addresses and noticed that they were no longer eligible, indicating that the Wormhole team has likely resolved the error.
This supposed block occurred in time to prevent the hacker from being able to claim the tokens. If he had done so, he would have received up to 31,642 W, valued at around $50,000 based on current prices.
Meanwhile, the W token opened trading on OpenBook, a Solana-based decentralized exchange (DEX). Its price reached US$1.66 with a market capitalization of US$3 billion. Upon its release, OpenBook encountered significant congestion, leading to reports of inaccessibility from several users.
The released tokens constitute 6% of the total supply, with an additional 12% allocated to core contributors and 23.3% going to the foundation treasury. The token lost part of its value after the official launch.
Understand the attack
In 2022, a hacker exploited a vulnerability in Wormhole’s liquidity bridge, which connects the Ethereum and Solana blockchains. The attack resulted in the loss of 120,000 Wrapped Ether (WETH), or about $320 million.
After the attack, two platforms performed a ‘counter-exploit’ on the hacker in February 2023 and managed to recover around US$220 million.
To this day, the attack against Wormhole is second only to the attack against the Ronin bridge, which had losses of more than US$620 million.
Wormhole has improved its security and even announced two reward programs for anyone who finds bugs on the platform. Each offered US$2.5 million in rewards to anyone who identified possible new flaws in the protocol. Additionally, several third-party companies performed audits to resolve critical issues in Wormhole’s system.
Source: https://www.criptofacil.com/hacker-da-wormhole-ganhou-direito-a-mais-de-30-000-tokens-em-airdrop/
