Decentralized Finance Project Loses $320mln to Hackers February 3, 2022 February 3, 2022 Kelly Cromley http://1AZFjzw2#Nwf63pYaMWq#xIY
Ethereum NewsFebruary 3, 2022 by Kelly Cromley

Decentralized Finance Project Loses $320mln to Hackers

Wormhole, a well-known cryptocurrency network that acts as a bridge between several blockchains, reported an exploit on Twitter. The attacker seems to have taken advantage of the Ethereum-Solana blockchain bridge. It moved around $320 million in ETH to non-Wormhole-affiliated crypto wallets. A bridge is a collection of smart contracts that enables the exchange of data and transactions across several blockchains. Typically, users access a bridge through a web application. They establish a connection between their wallet and the web application and then start a transaction.

Once the origin blockchain confirms the transaction, crypto assets are freed and transferred to the user wallet on the destination blockchain. For example, you might transfer ETH and get SOL in return. Wormhole’s website was taken down yesterday. “The wormhole network is now unavailable for maintenance while we investigate a possible vulnerability,” the team posted on Twitter. Two questionable transactions were promptly identified by cryptocurrency researchers.

The exploiter seems to have discovered an exploit and produced 120,000 wETH that resemble Wormhole’s Solana blockchain reserve of “wrapped” ETH. The exploiter then bridged 10,000 ETH to the Ethereum network two minutes later. A further 80,000 ETH transaction happened on the Ethereum network 22 minutes later. Again, it seems as if the exploiter has transferred part of its holdings to an Ethereum wallet.

Wormhole’s viewpoint revealed the freshly minted wETH to be normal wETH. Wormhole sent ETH to an Ethereum wallet based on those wETH, implying that the exploiter took ETH from Wormhole’s reserves. To put this in context, 120,000 ETH was valued at approximately $320 million at the time of the transactions – one ETH was valued at $2681.

At the time of writing, ETH was trading at $2622, down 2.2 percent since the attack. Later in the day, the Wormhole team validated the vulnerability. “The wormhole network was monetized to the tune of 120k wETH,” the team announced on Twitter.



Wormhole said in another tweet that “the vulnerability has been fixed.” As I write this, the bridge remains closed. It is unknown what will happen to the assets and if the wETH in Wormhole’s reserves is still backed by ETH. Wormhole sent a notice to the exploiter initiating a transaction.

The Wormhole team is prepared to make a ten-million-dollar bid for the assets. It’s going to be an odd choice. Wormhole wrote the following: This is the location of the Wormhole Deployer:
We observed you were able to take use of the Solana VAA verification and token minting. We’d want to offer you a whitehat agreement and a $10 million bug reward for exploit specifics, as well as refund the wETH you’ve earned.
Contact us at contact@certus.one.

AuthorKelly Cromley

Kelly is our in house crytpto researcher, delving into the stories which matter from blockchains being used in the real world to new ico coming out.