Decentralized Finance Project Loses $320mln to Hackers

Kelly Cromley

2 years ago

Wormhole, a well-known cryptocurrency network that acts as a bridge between several blockchains, reported an exploit on Twitter. The attacker seems to have taken advantage of the Ethereum-Solana blockchain bridge. It moved around $320 million in ETH to non-Wormhole-affiliated crypto wallets. A bridge is a collection of smart contracts that enables the exchange of data and transactions across several blockchains. Typically, users access a bridge through a web application. They establish a connection between their wallet and the web application and then start a transaction.

Once the origin blockchain confirms the transaction, crypto assets are freed and transferred to the user wallet on the destination blockchain. For example, you might transfer ETH and get SOL in return. Wormhole’s website was taken down yesterday. “The wormhole network is now unavailable for maintenance while we investigate a possible vulnerability,” the team posted on Twitter. Two questionable transactions were promptly identified by cryptocurrency researchers.

The exploiter seems to have discovered an exploit and produced 120,000 wETH that resemble Wormhole’s Solana blockchain reserve of “wrapped” ETH. The exploiter then bridged 10,000 ETH to the Ethereum network two minutes later. A further 80,000 ETH transaction happened on the Ethereum network 22 minutes later. Again, it seems as if the exploiter has transferred part of its holdings to an Ethereum wallet.

Wormhole’s viewpoint revealed the freshly minted wETH to be normal wETH. Wormhole sent ETH to an Ethereum wallet based on those wETH, implying that the exploiter took ETH from Wormhole’s reserves. To put this in context, 120,000 ETH was valued at approximately $320 million at the time of the transactions – one ETH was valued at $2681.

At the time of writing, ETH was trading at $2622, down 2.2 percent since the attack. Later in the day, the Wormhole team validated the vulnerability. “The wormhole network was monetized to the tune of 120k wETH,” the team announced on Twitter.

The wormhole network was exploited for 120k wETH.

ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly.

We are working to get the network back up quickly. Thanks for your patience.

— Wormhole🌪 (@wormholecrypto) February 2, 2022

The vulnerability has been patched.

We are working to get the network back up as soon as possible.

— Wormhole🌪 (@wormholecrypto) February 3, 2022

Wormhole said in another tweet that “the vulnerability has been fixed.” As I write this, the bridge remains closed. It is unknown what will happen to the assets and if the wETH in Wormhole’s reserves is still backed by ETH. Wormhole sent a notice to the exploiter initiating a transaction.

The Wormhole team is prepared to make a ten-million-dollar bid for the assets. It’s going to be an odd choice. Wormhole wrote the following: This is the location of the Wormhole Deployer:
We observed you were able to take use of the Solana VAA verification and token minting. We’d want to offer you a whitehat agreement and a $10 million bug reward for exploit specifics, as well as refund the wETH you’ve earned.
Contact us at contact@certus.one.