蟲洞漏洞利用者在復原工作中差點索賠 5 萬美元

蟲洞橋駭客攻擊導致 3.21 億美元被盜，最初允許駭客從最近的空投中索取價值 50,000 美元的 W 代幣。但調查顯示，駭客錢包地址的資格隨後被撤銷，這表明 Wormhole 團隊可能解決了疏忽問題。

Wormhole Exploiter Nearly Bags $50,000 Airdrop Amidst Recovery Efforts

蟲洞利用者在恢復工作中獲得了近 50,000 美元的空投

The infamous hacker responsible for the cataclysmic $321 million Wormhole bridge hack in February 2022 came perilously close to claiming a substantial airdrop of newly minted W tokens worth approximately $50,000.

臭名昭著的駭客在 2022 年 2 月造成了價值 3.21 億美元的災難性蟲洞橋駭客攻擊，幾乎聲稱價值約 5 萬美元的大量新鑄造 W 代幣空投。

On April 3, Wormhole announced the distribution of over 675 million W tokens, valued at around $850,000, to eligible users as part of its airdrop program. However, a glaring oversight by the Wormhole team initially allowed four wallet addresses associated with the infamous exploit to qualify for the airdrop.

4 月 3 日，Wormhole 宣布作為空投計畫的一部分，向符合條件的用戶分發超過 6.75 億個 W 代幣，價值約 85 萬美元。然而，蟲洞團隊的明顯疏忽最初允許與臭名昭著的漏洞相關的四個錢包地址有資格獲得空投。

These wallet addresses, had they not been promptly disqualified, would have been entitled to a substantial allocation of 31,642 W tokens, equivalent to approximately $50,000 at current prices. The revelation sparked concerns about the effectiveness of Wormhole's internal controls and the potential for malicious actors to exploit vulnerabilities in the airdrop distribution process.

如果這些錢包地址沒有立即取消資格，他們將有權獲得大量 31,642 W 代幣的分配，以當前價格計算，相當於約 50,000 美元。這項揭露引發了人們對 Wormhole 內部控制有效性以及惡意行為者利用空投分發過程中的漏洞的可能性的擔憂。

However, investigations by airdrop.link, a Solana-based airdrop checker, revealed that the hacker's eligibility had been revoked, indicating swift action by the Wormhole team to rectify the situation. The W token, upon its release, debuted at $1.66 on the decentralized exchange (DEX) OpenBook, boasting a market capitalization of $3 billion and a fully diluted value of $16.5 billion, as reported by CoinGecko.

然而，基於 Solana 的空投檢查器 Airdrop.link 的調查顯示，該駭客的資格已被取消，這表明 Wormhole 團隊已迅速採取行動糾正這種情況。根據 CoinGecko 報道，W 代幣發行後，在去中心化交易所 (DEX) OpenBook 上以 1.66 美元的價格首次亮相，市值為 30 億美元，完全稀釋後的價值為 165 億美元。

The distribution constitutes 6% of the total supply, with an additional 12% allocated to core contributors and 23.3% earmarked for the foundation's treasury. Initially launched on Solana, the token will be natively issued on Ethereum and layer-2 networks in the future.

此分配佔總供應量的 6%，另外 12% 分配給核心貢獻者，23.3% 指定給基金會金庫。該代幣最初在 Solana 上推出，未來將在以太坊和第 2 層網路上本地發行。

The Wormhole hack stands as one of the most significant breaches in the cryptocurrency industry's history. Exploiting a vulnerability on the liquidity bridge connecting the Ethereum and Solana blockchains, the attacker absconded with 120,000 wrapped ether, leaving Wormhole reeling from the financial blow.

蟲洞駭客攻擊是加密貨幣產業史上最重大的漏洞之一。攻擊者利用連接以太坊和 Solana 區塊鏈的流動性橋上的漏洞，帶著 12 萬個包裝好的以太幣潛逃，讓 Wormhole 遭受了財務打擊。

In a remarkable turn of events, Web3 infrastructure firm Jump Crypto and decentralized finance (DeFi) platform Oasis.app executed a "counter exploit" in February 2023, successfully recovering $225 million in digital assets from the hacker. These assets were subsequently transferred to secure wallets, providing a glimmer of hope amidst the crippling loss.

事態發生了驚人的轉變，Web3 基礎設施公司Jump Crypto 和去中心化金融(DeFi) 平台Oasis.app 在2023 年2 月執行了一次“反攻擊”，成功從黑客手中追回了2.25 億美元的數字資產。這些資產隨後被轉移到安全錢包中，在慘重的損失中帶來了一線希望。

Determined to fortify its defenses, Wormhole has implemented enhanced security measures and announced two bug bounty programs, offering a combined $2.5 million in rewards to researchers and developers who identify and report potential vulnerabilities. The company has also engaged multiple third-party firms to conduct audits and address critical issues in its system.

為了加強防禦，Wormhole 實施了增強的安全措施，並宣布了兩項漏洞賞金計劃，為識別和報告潛在漏洞的研究人員和開發人員提供總計 250 萬美元的獎勵。該公司還聘請了多家第三方公司進行審計並解決其係統中的關鍵問題。

The near-miss with the airdrop eligibility highlights the need for stringent internal controls and rigorous security protocols to prevent malicious actors from exploiting loopholes and profiting from stolen funds. The ongoing recovery efforts and the implementation of robust risk management practices demonstrate Wormhole's commitment to rebuilding trust and safeguarding user assets.

空投資格的險些失敗凸顯了嚴格的內部控制和嚴格的安全協議的必要性，以防止惡意行為者利用漏洞並從被盜資金中獲利。持續的復原工作和穩健的風險管理實務的實施表明了 Wormhole 對重建信任和保護使用者資產的承諾。