Connect with us
Active Currencies 13546
Market Cap $2,786,718,771,314.00
Bitcoin Share 49.73%
24h Market Cap Change $1.35

DeFi’s second-largest exploit costs cross-chain network Wormhole over $326M

2min Read

Share this article

While 2021 was inarguably the year of DeFi hacks, 2022 is fast catching up to its predecessor. Although January witnessed its fair share of crypto-crime, February may soon put it in its shadow. Especially now that cross-chain bridge Wormhole has reportedly suffered an exploit worth over $326 million.

The platform, one facilitating token transfers between Ethereum, Solana, and other platforms without an intermediary, suffered a loss of 120,000 wrapped Ether (wETH) tokens on the Solana side of its bridge.

While the Wormhole team has assured the community that ETH supply will be added back on the platform to “ensure wETH is backed 1:1,” a definitive timeline on the same is yet to be released, along with how the additional ETH will be procured.

The hack was first pointed out by community members due to large transactions taking place on 2 February. The culprits minted 120,000 wETH on Solana, out of which they converted and redeemed 93,750 into ETH. It was worth around $254 million. The hacker used some funds to buy SportX (SX), Meta Capital (MCAP), and later, Usable Crypto Karma (FUCK), and Bored Ape Yacht Club Token (APE).

The rest of the wETH was converted into SOL and USDC on Solana, post which around 432,622 SOL now remain in the hacker’s wallet.

According to Paradigm security researcher “samczsun”, the network has reached out to the hacker’s address. In doing so, it offered the culprit a $10 million bug bounty if the funds are returned. The request read,

“This is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted. You can reach out to us at contact@certus.one”

As for the platform’s current state, its team has assured users that the vulnerability has now been patched, even if it remains non-operational as of now. While no other assets or chains served by Wormhole have yet been affected, blockchain security firm Certik believes the Terra side of the bridge could also be exposed to similar vulnerabilities.

While it is the second smart contract hack to take place this year, this episode is also the second-largest DeFi exploit to date. It only fell short of Poly Market’s exploit in August last year, which cost the platform over $600 million. Thankfully for the network, most of the funds were returned by the white hat hacker for a modest $500,000 “security bug bounty.”

Overall, however, DeFi hacks have emerged as a major concern for the industry. 2021 witnessed an all-time high – $1.3 billion worth of assets lost – a 2500% increase from 2020.

Share

Anjali is a full-time journalist at AMBCrypto. With a strong background in humanities, her personal inclination lies towards the political and socio-economic aspects of the crypto-sphere
Read the best crypto stories of the day in less than 5 minutes
Subscribe to get it daily in your inbox.
Please check the format of your first name and/or email address.

Thank you for subscribing to Unhashed.