Wormhole has confirmed the hack but claims that the stolen funds have been restored and the vulnerability in smart contact that was exploited has been patched as well.
Wormhole, a cryptocurrency platform has suffered a massive hack in which hackers have stolen $320 million worth of wETH (or wrapped Ether), the company confirmed on Wednesday, February 2nd, 2022. The attack took place at 6:24 pm UTC on Wednesday.
For your information, Wormhole functions as a communication bridge between decentralized-finance blockchain networks including Solana. (According to CoinMarketCap, the price of Solana’s SOL token is 8.52% down in the last 24 hours.)
In a series of tweets, the company explained that unknown hackers “exploited” a smart contract vulnerability and breached its defenses to carry out a hack that is now being labeled as the fourth-largest crypto heist to date.
It is worth noting that hackers have been exploiting smart contract vulnerability since last year. The previous victims of this flaw include the following:
- Multichain (in which over $3 million were stolen)
- Badger Defi ( in which $120 million were stolen)
- MonoX (in which attackers manage to steal $30 million
- BitMart ( in which hackers stole $150 million worth of ETH)
As for the Wormhole hack; the platform did not respond to Hackread.com’s request to comment however on its Telegram group and Twitter handle it claims that the vulnerability has been fixed and all funds have been restored.
Wormhole’s $10m “bounty” offer to attackers
According to London, United Kingdom-based Blockchain analytics and crypto compliance solutions provider Elliptic, Wormhole offered a “bounty” of $10 million to the attackers.
The blockchain analysis provider also shared a screenshot that shows a message sent by Wormhole to the attacker’s digital address.
This is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted. You can reach out to us at firstname.lastname@example.org.Wormhole
This screenshot reveals Wormhole’s offer embedded within ether transactions sent to the attacker’s digital address:
Largest crypto hacks
It is a fact that cyberattacks against cryptocurrency platforms have increased dramatically and the attack on Wormhole is also one of the largest crypto heists in the recent past. Some of the previous large scale hacks against crypto platforms include:
- Poly Network – $600 million stolen in August 2021
- Coincheck – $535 million stolen in January 2018
- Mt. Gox – $450 million stolen in 2014
- KuCoin – $275 million stolen in September 2020
- CoinBene – $105 million stolen in March 2019.
At the time of publishing this article, all Wormhole services were restored and back online.