虫洞漏洞利用者在恢复工作中差点索赔 5 万美元

虫洞桥黑客攻击导致 3.21 亿美元被盗，最初允许黑客从最近的空投中索取价值 50,000 美元的 W 代币。但调查显示，该黑客钱包地址的资格随后被撤销，这表明 Wormhole 团队可能已经解决了疏忽问题。

Wormhole Exploiter Nearly Bags $50,000 Airdrop Amidst Recovery Efforts

虫洞利用者在恢复工作中获得了近 50,000 美元的空投

The infamous hacker responsible for the cataclysmic $321 million Wormhole bridge hack in February 2022 came perilously close to claiming a substantial airdrop of newly minted W tokens worth approximately $50,000.

臭名昭著的黑客在 2022 年 2 月造成了价值 3.21 亿美元的灾难性虫洞桥黑客攻击，险些声称价值约 50,000 美元的大量新铸造 W 代币空投。

On April 3, Wormhole announced the distribution of over 675 million W tokens, valued at around $850,000, to eligible users as part of its airdrop program. However, a glaring oversight by the Wormhole team initially allowed four wallet addresses associated with the infamous exploit to qualify for the airdrop.

4 月 3 日，Wormhole 宣布作为空投计划的一部分，向符合条件的用户分发超过 6.75 亿个 W 代币，价值约 85 万美元。然而，虫洞团队的明显疏忽最初允许与臭名昭著的漏洞相关的四个钱包地址有资格获得空投。

These wallet addresses, had they not been promptly disqualified, would have been entitled to a substantial allocation of 31,642 W tokens, equivalent to approximately $50,000 at current prices. The revelation sparked concerns about the effectiveness of Wormhole's internal controls and the potential for malicious actors to exploit vulnerabilities in the airdrop distribution process.

如果这些钱包地址没有被立即取消资格，他们将有权获得大量 31,642 W 代币的分配，按当前价格计算，相当于约 50,000 美元。这一披露引发了人们对 Wormhole 内部控制有效性以及恶意行为者利用空投分发过程中的漏洞的可能性的担忧。

However, investigations by airdrop.link, a Solana-based airdrop checker, revealed that the hacker's eligibility had been revoked, indicating swift action by the Wormhole team to rectify the situation. The W token, upon its release, debuted at $1.66 on the decentralized exchange (DEX) OpenBook, boasting a market capitalization of $3 billion and a fully diluted value of $16.5 billion, as reported by CoinGecko.

然而，基于 Solana 的空投检查器 Airdrop.link 的调查显示，该黑客的资格已被取消，这表明 Wormhole 团队已迅速采取行动纠正这种情况。据 CoinGecko 报道，W 代币发行后，在去中心化交易所 (DEX) OpenBook 上以 1.66 美元的价格首次亮相，市值为 30 亿美元，完全稀释后的价值为 165 亿美元。

The distribution constitutes 6% of the total supply, with an additional 12% allocated to core contributors and 23.3% earmarked for the foundation's treasury. Initially launched on Solana, the token will be natively issued on Ethereum and layer-2 networks in the future.

此次分配占总供应量的 6%，另外 12% 分配给核心贡献者，23.3% 指定给基金会金库。该代币最初在 Solana 上推出，未来将在以太坊和第 2 层网络上本地发行。

The Wormhole hack stands as one of the most significant breaches in the cryptocurrency industry's history. Exploiting a vulnerability on the liquidity bridge connecting the Ethereum and Solana blockchains, the attacker absconded with 120,000 wrapped ether, leaving Wormhole reeling from the financial blow.

虫洞黑客攻击是加密货币行业历史上最重大的漏洞之一。攻击者利用连接以太坊和 Solana 区块链的流动性桥上的漏洞，带着 120,000 个包装好的以太币潜逃，让 Wormhole 遭受了财务打击。

In a remarkable turn of events, Web3 infrastructure firm Jump Crypto and decentralized finance (DeFi) platform Oasis.app executed a "counter exploit" in February 2023, successfully recovering $225 million in digital assets from the hacker. These assets were subsequently transferred to secure wallets, providing a glimmer of hope amidst the crippling loss.

事态发生了惊人的转变，Web3 基础设施公司 Jump Crypto 和去中心化金融 (DeFi) 平台 Oasis.app 在 2023 年 2 月执行了一次“反攻击”，成功从黑客手中追回了 2.25 亿美元的数字资产。这些资产随后被转移到安全钱包中，在惨重的损失中带来了一线希望。

Determined to fortify its defenses, Wormhole has implemented enhanced security measures and announced two bug bounty programs, offering a combined $2.5 million in rewards to researchers and developers who identify and report potential vulnerabilities. The company has also engaged multiple third-party firms to conduct audits and address critical issues in its system.

为了加强防御，Wormhole 实施了增强的安全措施，并宣布了两项漏洞赏金计划，为识别和报告潜在漏洞的研究人员和开发人员提供总计 250 万美元的奖励。该公司还聘请了多家第三方公司进行审计并解决其系统中的关键问题。

The near-miss with the airdrop eligibility highlights the need for stringent internal controls and rigorous security protocols to prevent malicious actors from exploiting loopholes and profiting from stolen funds. The ongoing recovery efforts and the implementation of robust risk management practices demonstrate Wormhole's commitment to rebuilding trust and safeguarding user assets.

空投资格的险些失败凸显了严格的内部控制和严格的安全协议的必要性，以防止恶意行为者利用漏洞并从被盗资金中获利。持续的恢复工作和稳健的风险管理实践的实施表明了 Wormhole 对重建信任和保护用户资产的承诺。