Photo: John Paul Summers/Unsplash
Wormhole, one of the most popular blockchain bridges that link the Ethereum and Solana blockchains, has suffered a theft of cryptocurrencies worth more than $320 million in an apparent hack.
This could be one of the biggest hacks to ever hit the booming and largely unregulated decentralized finance (DeFi) space, according to analysts at blockchain security firm CertiK.
DeFi platforms such as Wormhole allow users to swap, lend, borrow and save Solana directly for other cryptocurrencies on decentralized apps, or dApps, across the Ethereum crypto network while bypassing traditional gatekeepers of finance such as banks.
Wormhole notified users of a possible attack through a Twitter post shared on Feb. 2, saying its network was down for maintenance as the firm investigated a potential attack.
The attackers managed to forge a valid signature for a transaction that allowed them to freely mint 120,000 wETH or wrapped Ethereum with a value equivalent to $325 million at the time of the theft. WETH is a currency that allows users to make pre-authorized bids that can be fulfilled at a later date without any further action from the bidder. ETH and WETH are worth the same amount and can be exchanged.
This wETH was then exchanged for around $250 million in Ethereum that was sent from Wormhole to the hackers’ account, effectively liquidating a large amount of the platform’s Ethereum funds that were being held as collateral for transactions on the Solana blockchain.
The attackers also kept 40,000 ETH on Solana, where they have been selling for other assets, according to another developer.
Wormhole said on Twitter that it was “exploited” for 120,000 units of a version of the second-largest cryptocurrency, Ether.
Listen to GHOGH with Jamarlin Martin | Episode 74: Jamarlin Martin Jamarlin returns for a new season of the GHOGH podcast to discuss Bitcoin, bubbles, and Biden. He talks about the risk factors for Bitcoin as an investment asset including origin risk, speculative market structure, regulatory, and environment. Are broader financial markets in a massive speculative bubble?
“The wormhole network was exploited for 120k wETH.Eth will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly. We are working to get the network back up quickly. Thanks for your patience,” it tweeted.
Jump Crypto, the cryptocurrency-focused investment arm of quant trading firm Jump Trading, which has raised more than $700 million in capital, tweeted Thursday afternoon that it had “replaced” 120,000 stolen Ethereum-based tokens to “support Wormhole.”
Jump’s tweet came after Wormhole confirmed on Twitter that funds involved in the hack had been “restored” and said on Telegram that “all funds are safe.”
Wormhole offered the attacker a $10 million bounty to return the funds, according to blockchain analytics company Elliptic, which called the Feb. 2 incident the fourth largest cryptocurrency hack ever.
Fraud and theft on DeFi platforms surpassed $10 billion in 2021, according to research, highlighting the risks in the mostly unregulated but fast-growing area of cryptocurrencies.
Photo: John Paul Summers/Unsplash
