{"id":2544,"date":"2022-02-06T10:42:00","date_gmt":"2022-02-06T10:42:00","guid":{"rendered":"https:\/\/odwstage.com\/omniatech\/?p=2544"},"modified":"2023-05-21T21:49:37","modified_gmt":"2023-05-21T21:49:37","slug":"lessons-from-the-wormhole-exploit","status":"publish","type":"post","link":"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/","title":{"rendered":"Lessons from the Wormhole Exploit"},"content":{"rendered":"<span class=\"rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\">4<\/span> <span class=\"rt-label rt-postfix\">min read<\/span><\/span>\n<p id=\"3516\"><strong>TL;DR<br><\/strong><a href=\"https:\/\/wormholenetwork.com\/\" rel=\"noreferrer noopener\" target=\"_blank\">Wormhole<\/a>&nbsp;didn\u2019t upgrade to the latest version of Solana standard lib, therefore it didn\u2019t check stuff properly and allowed the attacker to bypass the signature verification process, thus stealing around $300M worth of ETH from the Wormhole Bridge.<\/p>\n\n\n\n<p id=\"a326\">I finally had some spare time this weekend and decided to do a full dive on the recent Solana &amp; Wormhole Bridge hack.<\/p>\n\n\n\n<p id=\"2621\">Here is my understanding of what happened.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"16a6\">First things first. What is Wormhole?<\/h3>\n\n\n\n<p id=\"0193\">Wormhole is a decentralized, cross-chain message passing protocol which enables applications to send messages from one chain to another. The network is operated by a decentralized group of&nbsp;<a href=\"https:\/\/github.com\/certusone\/wormhole-networks\/blob\/master\/mainnetv2\/guardianset\/v1.prototxt\" rel=\"noreferrer noopener\" target=\"_blank\">nineteen Guardians<\/a>&nbsp;who sign each transmitted message to attest to its authenticity.<\/p>\n\n\n\n<p id=\"ac9b\"><a href=\"https:\/\/portalbridge.com\/#\/transfer\" rel=\"noreferrer noopener\" target=\"_blank\">Portal<\/a>&nbsp;is a token bridge constructed on top of the Wormhole network. Portal enables users to deposit funds into a contract on a source chain, then mint a Wormhole-wrapped version of the token on a destination chain.<\/p>\n\n\n\n<p id=\"741e\">For example, if you want to move $ETH from Ethereum to Solana, Wormhole guardians will sign the transfer message, thus approving that you deposited ETH on Ethereum before you receive wrapped WeETH on the Solana chain.<\/p>\n\n\n\n<p id=\"5c3f\">Things are a bit more complicated but for the sake of general understanding, I will sacrifice some of the technical stuff.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"55df\">Now, who is checking these signatures of the \u201cguardians\u201d?<\/h3>\n\n\n\n<p id=\"aecb\">Solana has native programs within the&nbsp;<em>Instructions sysvar<\/em>, something like a precompile. One of the native programs is&nbsp;<a href=\"https:\/\/docs.solana.com\/developing\/runtime-facilities\/programs#secp256k1-program\" rel=\"noreferrer noopener\" target=\"_blank\">secp256k1<\/a>&nbsp;which is responsible for validating the signatures.<\/p>\n\n\n\n<p id=\"a587\">P.S. In Solana, smart contracts are called programs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"b008\">Root cause<\/h3>\n\n\n\n<p id=\"4c87\">Wormhole Bridge used the recently deprecated function&nbsp;<a href=\"https:\/\/github.com\/solana-labs\/solana\/blob\/7ba57e7a7c87fca96917a773ed944270178368c9\/sdk\/program\/src\/sysvar\/instructions.rs#L180-L188\" rel=\"noreferrer noopener\" target=\"_blank\">load_instruction_at<\/a>&nbsp;to call the secp256k1 program. The main reason for being deprecated is that it does not check if the program address is actually a&nbsp;<em>sysvar<\/em>&nbsp;program or a fake program.<\/p>\n\n\n\n<p id=\"0c6a\">This allowed the attacker to bypass signature validation process. He created a fake program (<a href=\"https:\/\/solscan.io\/account\/2tHS1cXX2h1KBEaadprqELJ6sV9wLoaSdX68FqsrrZRd\" rel=\"noreferrer noopener\" target=\"_blank\">2tHS1cXX2h1KBEaadprqELJ6sV9wLoaSdX68FqsrrZRd<\/a>) which contained a single serialized instruction corresponding to a call to the Secp256k1 contract.<\/p>\n\n\n\n<p id=\"7fab\">The attacker then passed this fake program instead of the&nbsp;<em>Instruction sysvar<\/em>&nbsp;that was supposed to validate the signatures. The rest is history.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter\"><img decoding=\"async\" src=\"https:\/\/miro.medium.com\/v2\/resize:fit:241\/1*oplwH5LCsUNXXJ1r09c7rg.gif\" alt=\"\"\/><figcaption class=\"wp-element-caption\">&#8220;Thorough&#8221; security check<\/figcaption><\/figure>\n\n\n\n<p id=\"4ad9\">Bypassing the signature validation, the attacker was able to \u201cconvince\u201d the Wormhole Bridge to&nbsp;<a href=\"https:\/\/solscan.io\/tx\/2zCz2GgSoSS68eNJENWrYB48dMM1zmH8SZkgYneVDv2G4gRsVfwu5rNXtK5BKFxn7fSqX9BvrBc1rdPAeBEcD6Es\" rel=\"noreferrer noopener\" target=\"_blank\">mint<\/a>&nbsp;120,000 ETH on the Solana chain into his account even though he didn\u2019t deposit the equivalent on Ethereum.<\/p>\n\n\n\n<p id=\"19c0\">He immediately&nbsp;<a href=\"https:\/\/etherscan.io\/tx\/0x24c7d855a0a931561e412d809e2596c3fd861cc7385566fd1cb528f9e93e5f14\" rel=\"noreferrer noopener\" target=\"_blank\">withdrew<\/a>&nbsp;80,000 ETH back to the Ethereum network.<br>In total, around 93,751 ETH were withdrawn.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"f221\">Fun fact #1<\/h3>\n\n\n\n<p id=\"4706\">Before deploying the exploit, the attacker did a legit&nbsp;<a href=\"https:\/\/etherscan.io\/tx\/0xf54d9d84e3c8a63cd007cd52d42eedbb7be34a64f7c088086071f1e2929e1521\" rel=\"noreferrer noopener\" target=\"_blank\">deposit<\/a>&nbsp;of 0.1 ETH into the Wormhole Bridge (corresponding Solana transaction&nbsp;<a href=\"https:\/\/solscan.io\/tx\/3HRKFcGjVVtf1kTHWXqJmG6zimbNeQAgN5xbt3MjP3ewYB1ih1WuWjMU6EWQXAz8shD46A3uyYW9pahoARrBmmPu\" rel=\"noreferrer noopener\" target=\"_blank\">here<\/a>), most probably testing his setup.<\/p>\n\n\n\n<p id=\"3a2d\">Notice the correct passing of&nbsp;<em>Sysvar:Instructions<\/em>&nbsp;account in the figure below.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter\"><img decoding=\"async\" src=\"https:\/\/miro.medium.com\/v2\/resize:fit:700\/1*-VD86Yym_apAOe64QtQvyg.jpeg\" alt=\"\"\/><figcaption class=\"wp-element-caption\">Fig. 1 \u2014 Legit deposit transaction<\/figcaption><\/figure>\n\n\n\n<p id=\"cc3a\">Now compare with the transaction for the fake deposit of 120,000 ETH \ud83d\udc47<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter\"><img decoding=\"async\" src=\"https:\/\/miro.medium.com\/v2\/resize:fit:700\/1*QBKhpQxV7_gDdZ-y8NHttg.jpeg\" alt=\"\"\/><figcaption class=\"wp-element-caption\">Fig 2. \u2014 Fake deposit transaction<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"6947\">Fun fact #2<\/h3>\n\n\n\n<p id=\"79a1\">The Wormhole team&nbsp;<a href=\"https:\/\/github.com\/certusone\/wormhole\/commit\/7edbbd3677ee6ca681be8722a607bc576a3912c8#diff-0d27d8889edd071b86d3f3299276882d97613ad6ab3b0b6412ae4ebf3ccd6370R92-R103\" rel=\"noreferrer noopener\" target=\"_blank\">replaced<\/a>&nbsp;the deprecated&nbsp;<em>load_transaction_at<\/em>&nbsp;function with&nbsp;<em>load_transaction_at_checked<\/em>&nbsp;almost 3 weeks ago. From the community conversations, it seems that they were simply updating to the latest function versions to clear up the deprecation warnings.<\/p>\n\n\n\n<p id=\"1569\">Most likely the Wormhole team was unaware that there was security-critical content and it shouldn&#8217;t have been made public.<\/p>\n\n\n\n<p id=\"6d17\">The attacker probably spotted the change and knew what kind of vulnerabilities the deprecated function enabled, and was able to execute the exploit before the team had the chance to deploy the fix.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"8b4d\">Fun fact #3<\/h3>\n\n\n\n<p id=\"6f46\">Post exploit, the Wormhole team offered the attacker a $10M bug bounty to return the funds. The text message was encoded within a&nbsp;<a href=\"https:\/\/etherscan.io\/tx\/0x2d8b7901bff18ae6abe1a50aebe44b70559f39ff357b21340843d368b9486859\" rel=\"noreferrer noopener\" target=\"_blank\">transaction<\/a>&nbsp;sent to the attacker\u2019s address.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter\"><img decoding=\"async\" src=\"https:\/\/miro.medium.com\/v2\/resize:fit:700\/1*_hegsiz4UwVVtJrN0QWv4Q.png\" alt=\"\"\/><figcaption class=\"wp-element-caption\">Fig 3. \u2014 Wormhole&#8217;s bounty proposal<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"0f33\">Fun fact #4<\/h3>\n\n\n\n<p id=\"3a7d\">The first hours after the exploit were critical since around $300 million worth of WeETH on Solana were unbacked with ETH for a period of time which meant that a number of Solana-based platforms that accepted WeETH as collateral could have become insolvent.<\/p>\n\n\n\n<p id=\"d224\">After the attempt to pay the attacker a bounty in return for the stolen funds was ignored, the Wormhole\u2019s parent company, Jump Trading,&nbsp;<a href=\"https:\/\/twitter.com\/JumpCryptoHQ\/status\/1489301013408497666\" rel=\"noreferrer noopener\" target=\"_blank\">stepped up<\/a>&nbsp;and supplied Ether to replace stolen funds to prevent a systemic crash of Solana\u2019s DeFi ecosystem if users rushed to sell their WeETH, crashing its value.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"bad0\">My takeaways<\/h3>\n\n\n\n<p id=\"064a\">1. If you develop applications on top of Solana, make sure you replace the deprecated&nbsp;<em>load_instruction_at<\/em>&nbsp;function. Continuously check what functions are deprecated and assess the security impact if you still use them in your code.<\/p>\n\n\n\n<p id=\"4c4e\">2. The code review process should also be performed by a security expert who can assess the impact and mark changes as security-critical before making them public.<\/p>\n\n\n\n<p id=\"6aa8\">3. Offering a bug bounty after the exploit has been executed makes no sense, the attacker knew it can still face accusations and legal consequences even if Wormhole promised to forgive him in return of the stolen money.<\/p>\n\n\n\n<p id=\"49c4\">Besides periodic audits, a good practice is to set up a proper bug bounty program beforehand (for example, use&nbsp;<a href=\"https:\/\/immunefi.com\/\" rel=\"noreferrer noopener\" target=\"_blank\">Immunefi<\/a>&nbsp;\u2014 a web3 dedicated bug bounty platform) or at least state a 10% bounty of the potential damage, preferrably before it happens.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\">4<\/span> <span class=\"rt-label rt-postfix\">min read<\/span><\/span> TL;DRWormhole&nbsp;didn\u2019t upgrade to the latest version of Solana standard lib, therefore it didn\u2019t check stuff properly and allowed the attacker to bypass the signature verification process, thus stealing around $300M worth of ETH from the Wormhole Bridge. I finally had some spare time this weekend and decided to do a full dive on the recent [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":2545,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[794],"tags":[546,557,540,554,549,531,535,553,543,541,18,539,538,547,17,551,552,556,544,545,542,555,537,532,43,550,536,534,548,530,533],"class_list":["post-2544","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-privacy-security","tag-bug-bounty","tag-bug-bounty-program","tag-bypassing-validation","tag-code-review","tag-collateral","tag-cross-chain-protocol","tag-decentralized-message-passing","tag-defi-ecosystem","tag-deprecated-function","tag-eth-withdrawal","tag-ethereum","tag-exploit","tag-fake-program","tag-fun-facts","tag-hack","tag-insolvency","tag-jump-trading","tag-legal-consequences","tag-load_instruction_at","tag-load_transaction_at_checked","tag-security-check","tag-security-expert","tag-security-vulnerability","tag-signature-verification","tag-solana","tag-solana-based-platforms","tag-sysvar","tag-token-bridge","tag-weeth","tag-wormhole-bridge","tag-wormhole-guardians"],"acf":[],"wbAuthor":{"name":"Alex Lupascu","link":"https:\/\/omniatech.io\/pages\/author\/alexlupascu\/"},"wbDate":"Feb 6, 2022","wbCategories":{"space":"<a href=\"https:\/\/omniatech.io\/pages\/category\/privacy-security\/\" rel=\"category tag\">Privacy &amp; Security<\/a>","coma":"<a href=\"https:\/\/omniatech.io\/pages\/category\/privacy-security\/\" rel=\"category tag\">Privacy &amp; Security<\/a>"},"wbComment":0,"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Lessons from the Wormhole Exploit - OMNIA<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Lessons from the Wormhole Exploit - OMNIA\" \/>\n<meta property=\"og:description\" content=\"4 min read TL;DRWormhole&nbsp;didn\u2019t upgrade to the latest version of Solana standard lib, therefore it didn\u2019t check stuff properly and allowed the attacker to bypass the signature verification process, thus stealing around $300M worth of ETH from the Wormhole Bridge. I finally had some spare time this weekend and decided to do a full dive on the recent [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/\" \/>\n<meta property=\"og:site_name\" content=\"OMNIA\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-06T10:42:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-21T21:49:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/05\/1_6BMb2XNbF7x4DOWHtEPTGg.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"675\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Alex Lupascu\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alex Lupascu\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/\",\"url\":\"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/\",\"name\":\"Lessons from the Wormhole Exploit - OMNIA\",\"isPartOf\":{\"@id\":\"https:\/\/omniatech.io\/pages\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/05\/1_6BMb2XNbF7x4DOWHtEPTGg.webp\",\"datePublished\":\"2022-02-06T10:42:00+00:00\",\"dateModified\":\"2023-05-21T21:49:37+00:00\",\"author\":{\"@id\":\"https:\/\/omniatech.io\/pages\/#\/schema\/person\/902af0aeb9024ae8230d12052adcb822\"},\"breadcrumb\":{\"@id\":\"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/#primaryimage\",\"url\":\"https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/05\/1_6BMb2XNbF7x4DOWHtEPTGg.webp\",\"contentUrl\":\"https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/05\/1_6BMb2XNbF7x4DOWHtEPTGg.webp\",\"width\":675,\"height\":500},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/omniatech.io\/pages\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Lessons from the Wormhole Exploit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/omniatech.io\/pages\/#website\",\"url\":\"https:\/\/omniatech.io\/pages\/\",\"name\":\"OMNIA\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/omniatech.io\/pages\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/omniatech.io\/pages\/#\/schema\/person\/902af0aeb9024ae8230d12052adcb822\",\"name\":\"Alex Lupascu\",\"url\":\"https:\/\/omniatech.io\/pages\/author\/alexlupascu\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Lessons from the Wormhole Exploit - OMNIA","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/","og_locale":"en_US","og_type":"article","og_title":"Lessons from the Wormhole Exploit - OMNIA","og_description":"4 min read TL;DRWormhole&nbsp;didn\u2019t upgrade to the latest version of Solana standard lib, therefore it didn\u2019t check stuff properly and allowed the attacker to bypass the signature verification process, thus stealing around $300M worth of ETH from the Wormhole Bridge. I finally had some spare time this weekend and decided to do a full dive on the recent [&hellip;]","og_url":"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/","og_site_name":"OMNIA","article_published_time":"2022-02-06T10:42:00+00:00","article_modified_time":"2023-05-21T21:49:37+00:00","og_image":[{"width":675,"height":500,"url":"https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/05\/1_6BMb2XNbF7x4DOWHtEPTGg.webp","type":"image\/webp"}],"author":"Alex Lupascu","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Alex Lupascu","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/","url":"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/","name":"Lessons from the Wormhole Exploit - OMNIA","isPartOf":{"@id":"https:\/\/omniatech.io\/pages\/#website"},"primaryImageOfPage":{"@id":"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/#primaryimage"},"image":{"@id":"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/#primaryimage"},"thumbnailUrl":"https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/05\/1_6BMb2XNbF7x4DOWHtEPTGg.webp","datePublished":"2022-02-06T10:42:00+00:00","dateModified":"2023-05-21T21:49:37+00:00","author":{"@id":"https:\/\/omniatech.io\/pages\/#\/schema\/person\/902af0aeb9024ae8230d12052adcb822"},"breadcrumb":{"@id":"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/#primaryimage","url":"https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/05\/1_6BMb2XNbF7x4DOWHtEPTGg.webp","contentUrl":"https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/05\/1_6BMb2XNbF7x4DOWHtEPTGg.webp","width":675,"height":500},{"@type":"BreadcrumbList","@id":"https:\/\/omniatech.io\/pages\/lessons-from-the-wormhole-exploit\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/omniatech.io\/pages\/"},{"@type":"ListItem","position":2,"name":"Lessons from the Wormhole Exploit"}]},{"@type":"WebSite","@id":"https:\/\/omniatech.io\/pages\/#website","url":"https:\/\/omniatech.io\/pages\/","name":"OMNIA","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/omniatech.io\/pages\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/omniatech.io\/pages\/#\/schema\/person\/902af0aeb9024ae8230d12052adcb822","name":"Alex Lupascu","url":"https:\/\/omniatech.io\/pages\/author\/alexlupascu\/"}]}},"uagb_featured_image_src":{"full":["https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/05\/1_6BMb2XNbF7x4DOWHtEPTGg.webp",675,500,false],"thumbnail":["https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/05\/1_6BMb2XNbF7x4DOWHtEPTGg-150x150.webp",150,150,true],"medium":["https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/05\/1_6BMb2XNbF7x4DOWHtEPTGg-300x222.webp",300,222,true],"medium_large":["https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/05\/1_6BMb2XNbF7x4DOWHtEPTGg.webp",675,500,false],"large":["https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/05\/1_6BMb2XNbF7x4DOWHtEPTGg.webp",675,500,false],"1536x1536":["https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/05\/1_6BMb2XNbF7x4DOWHtEPTGg.webp",675,500,false],"2048x2048":["https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/05\/1_6BMb2XNbF7x4DOWHtEPTGg.webp",675,500,false]},"uagb_author_info":{"display_name":"Alex Lupascu","author_link":"https:\/\/omniatech.io\/pages\/author\/alexlupascu\/"},"uagb_comment_info":0,"uagb_excerpt":"4 min read TL;DRWormhole&nbsp;didn\u2019t upgrade to the latest version of Solana standard lib, therefore it didn\u2019t check stuff properly and allowed the attacker to bypass the signature verification process, thus stealing around $300M worth of ETH from the Wormhole Bridge. I finally had some spare time this weekend and decided to do a full dive&hellip;","mfb_rest_fields":["wbAuthor","wbDate","wbCategories","wbComment","yoast_head","yoast_head_json","uagb_featured_image_src","uagb_author_info","uagb_comment_info","uagb_excerpt"],"_links":{"self":[{"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/posts\/2544"}],"collection":[{"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/comments?post=2544"}],"version-history":[{"count":1,"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/posts\/2544\/revisions"}],"predecessor-version":[{"id":2546,"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/posts\/2544\/revisions\/2546"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/media\/2545"}],"wp:attachment":[{"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/media?parent=2544"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/categories?post=2544"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/tags?post=2544"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}