Cross-chain bridge Wormhole suffered a massive exploit
While Ethereum’s high transaction fees push DeFi users to adopt various layer-2 scaling solutions, bridges continue to be one of the most vulnerable pieces of the whole DeFi infrastructure, with the most recent exploit leading to the loss of $325 million.
The Wormhole bridge allows users to transfer their liquidity between chains by locking ETH collateral in the Ethereum-based smart contract and minting a pegged asset called Wormhole ETH (wETH) on the Solana blockchain. Notably, the hacker exploited a bridge function used to verify asset transfers, which allowed him to spoof guardian signatures and execute an unauthorized mint of 120,000 wETH.
Following the news, Solana’s SOL token dipped 10% and the DeFi community started discussing the potential impact of the attack, including a bank run, since 120,000 ETH was missing from the bridge collateral, meaning that 120,000 wETH circulating in the Solana DeFi ecosystem didn’t have any real backing.
Shortly after, the vulnerability was patched and the Wormhole team announced that the missing funds would be added to the collateral to ensure that wETH is backed 1:1 with Ether. The 120,000 ETH has been provided by trading firm Jump Crypto, which last year acquired Certus One — a blockchain infrastructure company that developed Wormhole. The hacker has been offered a $10 million white-hat bounty to return the stolen funds.
US regulators continue tightening the grip over cryptocurrencies
The Biden administration is reportedly set to regulate cryptocurrencies as a matter of national security. The White House is planning to release an executive order that tasks federal agencies with analyzing digital assets and putting together a regulatory framework that would cover cryptos and NFTs.
The crypto community is also drawing attention to a new bill introduced in the U.S. House of Representatives that could empower the Treasury Department to block U.S. financial institutions from interacting with crypto exchanges or impose conditions on transactions over money laundering concerns.
A week later, the US Treasury Department released a study that highlights the agency’s concerns over money laundering and terror finance in the NFT space. According to the report, art auction houses and galleries may not have the technical knowledge required to effectively identify their customers in the space.
Meanwhile, US crypto investors Joshua and Jessica Jarrett rejected a settlement with the Internal Revenue Service (IRS) in order to compel the US tax agency to argue its case in court. With the help of the Proof of Stake Alliance, the plaintiffs want the government body to clarify its policy of taxing staking and mining rewards as income in front of a US court. The Jarretts argue that such rewards should be taxed only upon their sale, since they are a “new” property.
In other news
New malware “Mars Stealer” targets popular web3 browser extensions such as MetaMask, Coinbase Wallet, and Binance Chain Wallet. After infecting a system, the malware steals users’ private keys from Chromium-based browsers like Chrome and Brave and then deletes traces of its presence. Curiously, the malware exits without taking any malicious action if the device language matches the language IDs of Azerbaijan, Belarus, Kazakhstan, Russia, or Uzbekistan.
Binance Smart Chain-based protocol Qubit Finance has been hacked to the tune of $80 million worth of BNB. The attacker exploited the protocol’s Ethereum bridge, which allows users to deposit Ethereum-based wETH in exchange for BSC-based xETH, which can be used as collateral in the Qubit Finance smart contract.
OpenSea - the largest NFT marketplace by trading volume - has reimbursed its users who unintentionally sold their NFTs due to a bug in the platform’s frontend. Earlier in January, a tech-savvy buyer was able to snatch highly valuable NFTs at old listing prices that didn’t have an expiration date.
Decentralized autonomous organization AssangeDAO has raised over $50 million. Contributors received the JUSTICE governance token that allows them to vote on the future direction of the funds. The DAO is planning to fight for the freedom of WikiLeaks founder Julian Assange by financing his legal fees and increasing public awareness about the free speech implications of Assange’s case.
Avalanche-based DeFi protocol Wonderland has removed Sifu as its treasury manager after it was revealed he was the convicted co-founder of failed Canadian crypto exchange QuadrigaCX, which collapsed in 2019.