Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • HACKING
  • SLOT
  • CASINO
  • SUBMIT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • HACKING
  • SLOT
  • CASINO
  • SUBMIT
Crypto Flexs
Home»TRADING NEWS»CertiK fixes $5 million wormhole bridge defect
TRADING NEWS

CertiK fixes $5 million wormhole bridge defect

By Crypto FlexsMay 14, 20243 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
CertiK fixes  million wormhole bridge defect
Share
Facebook Twitter LinkedIn Pinterest Email

CertiK discovered and patched a major security flaw in the Aptos network’s Wormhole bridge, potentially saving $5 million.

The vulnerability allowed attackers to create fake token transfers, but CertiK’s quick action ensured that users’ funds were protected.

Aptos’ Wormhole Bridge $5 million security flaw discovered

CertiK discovered a flaw in Aptos’ Wormhole bridge and reported it to the Wormhole team. The issue was caused by incorrect implementation of the ‘public(friend)’ and ‘entry’ qualifiers in the MOVE programming language.

The ‘public(friend)’ modifier allows the function to be called by other people within the same module or by a specified external account. In contrast, the ‘entry’ modifier allows any external account to call the function.

The bridge had a function called ‘publish_event’ that notified events such as token transfers. This function must be callable only by other functions within the same module or by a specific specified external entity. However, the function has been modified by both ‘public(friend)’ and ‘entry’ to allow anyone to call ‘publish_event’ even if they are not authorized to do so.

This flaw allows an attacker to create fake transactions that appear to move tokens from one account to another without actually moving tokens. These fake events resulted in the Ethereum version of the bridge issuing or unlocking tokens without supporting real deposits on the Aptos side, potentially resulting in losses of up to $5 million.

CertiK’s rapid action to patch and secure wormhole bridges

After discovering the flaw, CertiK immediately notified the Wormhole team on December 5, 2023. The team developed and tested a patch to close the security hole. They notified the Guardians of the protocol, who approved the patch through a multi-signature vote. The protocol’s Aptos contract was then upgraded to secure the bridge. This process took approximately 3 hours.

Read more: Crypto Scam Project: How to Spot Fake Tokens

In addition to removing the ‘entry’ keyword from the post_event function, the new patch also limits Aptos’ ‘governor rate limit’ from $5 million to $1 million. This strategic move was aimed at limiting potential losses from future exploits. CertiK noted that current usage is less than $1 million per day, so rate caps shouldn’t affect most users.

“This case study not only highlights the critical role of proactive security practices, but also celebrates the power of open source software to raise security and transparency standards across the Web3 world.” CertiK Added.

Wormhole also performed a retrospective analysis to determine whether the issue affected user funds. Research has confirmed that no funds have been transferred illegally and that users’ balances remain safe.

This isn’t the first time wormholes have faced security issues. In 2022, the bridge lost over $321 million due to a bug in the Solana part of the bridge, which allowed attackers to issue unsupported tokens. Despite this setback, Wormhole improved its security practices and recovered $1 billion in total locked value.

disclaimer

In compliance with Trust Project guidelines, BeInCrypto is committed to unbiased and transparent reporting. These news articles aim to provide accurate and timely information. However, before making any decisions based on this content, readers are encouraged to check the facts and consult with experts. Our Terms of Use, Privacy Policy and Disclaimer have been updated.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Why experts say that 99%of the traders are wrong

September 4, 2025

TOKEN2049 Singapore stops all records with the world’s largest Web3 event with 25,000 attendees in unprecedented demand.

September 3, 2025

Korean sleeves cut Tesla and pivot with encryption stocks.

September 2, 2025
Add A Comment

Comments are closed.

Recent Posts

Web3 Enabler Announces Blockchain Payments V3.1 At Northeast Dreamin In Boston

September 4, 2025

Is XRP The Dark Horse Of The Cryptocurrency World? Earn 652 XRP Daily Using Invro Mining’s Smart Contract

September 4, 2025

TRX Was Early, ETH Set The Standard, BNB Built The Scale- Now SYC Brings The Next Evolution

September 4, 2025

Sign Up And Receive $500 Bonus, Ushering In A New Era Of Compliant And Secure Crypto Investment

September 4, 2025

Why experts say that 99%of the traders are wrong

September 4, 2025

ChainUp Named Double Finalist At Thomson Reuters’ ALB Pan-Asian Regulatory Awards 2025

September 4, 2025

Integrated security classes can accelerate the adoption of institutional passwords.

September 4, 2025

Binance explodes 466m LUNC with oblivion: revival play or special effect?

September 4, 2025

Cardano founder says Chainlink quotes ‘ridiculous price’ to them.

September 3, 2025

Acurast launches ‘Staked Compute’ and challenges AWS, Azure and Google Cloud using the distributed smartphone network.

September 3, 2025

Solana-packee blockchain manually spreads

September 3, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

Web3 Enabler Announces Blockchain Payments V3.1 At Northeast Dreamin In Boston

September 4, 2025

Is XRP The Dark Horse Of The Cryptocurrency World? Earn 652 XRP Daily Using Invro Mining’s Smart Contract

September 4, 2025

TRX Was Early, ETH Set The Standard, BNB Built The Scale- Now SYC Brings The Next Evolution

September 4, 2025
Most Popular

Tether CEO Paolo Ardoino Celebrates USDT’s $91.5 Billion Market Cap: ‘Tether Evolved’

December 29, 2023

The SEC admits the request to list the 21Shares XRP ETF of the CBOE.

February 18, 2025

Robert Kiyosaki Predicts US Collapse, Peter Schiff Warns of BTC Massacre, Grayscale Study on BTC Halving, and More — Review Week

February 18, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.