Tag Archive for: hole

Solana price ‘bear flag’ paints $50 target as Wormhole hack exposes security hole


Solana (SOL) became one of the worst performers among the top cryptocurrencies on Feb. 3 as traders assessed its links with the second-biggest hack to date.

$325M worth of wETH gone

SOL price dropped by 5.50% to below $96.50 as Wormhole, a bridge between Solana and Ethereum blockchains, reportedly lost $325 million worth of Wrapped Ethereum (wETH) due to a technical vulnerability.

Prior to the hack on Wednesday, SOL was trading as high as $112.

In detail, hackers tricked a series of Solana’s smart contracts into signing illicit transactions digitally posing as “guardians,” reported blockchain researcher Kelvin Fichter on Feb. 2, the night after the hack. He wrote:

“The attacker made it look like the guardians had signed off on a 120K deposit into Wormhole on Solana, even though they hadn’t. All the attacker needed to do now was to make their “play” money real by withdrawing it back to Ethereum.”

Wormhole said that it would add Ethereum’s native token Ether (ETH) “over the next hours” to back wETH on the Solana network on a 1:1 basis. However, the project did not clarify the source of the funds that would be used to buy ETH tokens.

Bear flag triggered

The selloff in the Solana market across the last 24 hours came closer to triggering a bearish continuation setup that may send the SOL price down by another 50%.

Dubbed “bear flag,” the pattern emerges when the price consolidates sideways/higher after a strong downside move, called “flagpole.” In a perfect world, the price eventually breaks below the consolidation range and falls by as much as the flagpole’s length.

So far, SOL/USD has been forming the same bear flag pattern, as shown in the chart below.

SOL/USD daily price chart featuring bear flag setup….


Log4Shell-like security hole found in popular Java SQL database engine H2 – Naked Security


“It’s Log4Shell, Jim,” as Commander Spock never actually said, “But not as we know it.”

That’s the briefest summary we can come up with of the bug CVE-2021-42392, a security hole recently reported by researchers at software supply chain management company JFrog.

This time, the bug isn’t in Apache’s beleaguered Log4j toolkit, but can be found in a popular Java SQL server called the H2 Database Engine.

H2 isn’t like a traditional SQL system such as MySQL or Microsoft SQL Server.

Although you can run H2 as a standalone server for other apps to connect into, its main claim to fame is its modest size and self-contained nature.

As a result, you can bundle the H2 SQL database code right into your own Java apps, and run your databases entirely in memory, with no need for separate server processes.

As with Log4j, of course, this means that you may have running instances of the H2 Database Engine code inside your organisation without realising it, if you use any apps or development components that themselves quietly include it.