Connect with us

DeFi

DeFi’s second-largest exploit costs cross-chain network Wormhole over $326M

Published

on

Source: Pixabay


While 2021 was inarguably the year of DeFi hacks, 2022 is fast catching up to its predecessor. Although January witnessed its fair share of crypto-crime, February may soon put it in its shadow. Especially now that cross-chain bridge Wormhole has reportedly suffered an exploit worth over $326 million.

The platform, one facilitating token transfers between Ethereum, Solana, and other platforms without an intermediary, suffered a loss of 120,000 wrapped Ether (wETH) tokens on the Solana side of its bridge.

While the Wormhole team has assured the community that ETH supply will be added back on the platform to “ensure wETH is backed 1:1,” a definitive timeline on the same is yet to be released, along with how the additional ETH will be procured.

The hack was first pointed out by community members due to large transactions taking place on 2 February. The culprits minted 120,000 wETH on Solana, out of which they converted and redeemed 93,750 into ETH. It was worth around $254 million. The hacker used some funds to buy SportX (SX), Meta Capital (MCAP), and later, Usable Crypto Karma (FUCK), and Bored Ape Yacht Club Token (APE).

The rest of the wETH was converted into SOL and USDC on Solana, post which around 432,622 SOL now remain in the hacker’s wallet.

According to Paradigm security researcher “samczsun”, the network has reached out to the hacker’s address. In doing so, it offered the culprit a $10 million bug bounty if the funds are returned. The request read,

“This is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted. You can reach out to us at contact@certus.one”

As for the platform’s current state, its team has assured users that the vulnerability has now been patched, even if it remains non-operational as of now. While no other assets or chains served by Wormhole have yet been affected, blockchain security firm Certik believes the Terra side of the bridge could also be exposed to similar vulnerabilities.

While it is the second smart contract hack to take place this year, this episode is also the second-largest DeFi exploit to date. It only fell short of Poly Market’s exploit in August last year, which cost the platform over $600 million. Thankfully for the network, most of the funds were returned by the white hat hacker for a modest $500,000 “security bug bounty.”

Overall, however, DeFi hacks have emerged as a major concern for the industry. 2021 witnessed an all-time high – $1.3 billion worth of assets lost – a 2500% increase from 2020.

Read the best crypto stories of the day in less than 5 minutes

Subscribe to get it daily in your inbox.


Please select your Email Preferences.

Anjali is a full-time journalist at AMBCrypto. With a strong background in humanities, her personal inclination lies towards the political and socio-economic aspects of the crypto-sphere

Click to comment

Leave a Reply

Your email address will not be published.

Disclaimer: AMBCrypto's content is meant to be informational in nature and should not be interpreted as investment advice. Trading, buying or selling cryptocurrencies should be considered a high-risk investment and every reader is advised to do their own research before making any decisions.