Cross-chain protocol Wormhole experienced a significant hack after an attacker exploited a vulnerability in the protocol and stole nearly $323 million worth of ETH. Wormhole acts as a bridge between the Ethereum and Solana blockchains, allowing users to convert one cryptocurrency into another.
Details Of The Hack
While it is not entirely clear how the attacker carried out the attack, evidence suggests that the hacker exploited the process through which the bridge converts a cryptocurrency into a temporary token, which can then be converted into the desired output currency.
The hacker used the same process and tricked the protocol into releasing SOL and ETH tokens, resulting in the protocol releasing far greater output tokens than initially provided by the hacker and successfully stealing ETH worth $322.8 million. Due to price fluctuations, the stolen cryptocurrency has since depreciated to $294 million.
The details of the hack were further explained on a Twitter thread by Kelvin Fichter, who detailed exactly how the hacker exploited the vulnerability and drained out ETH.
Wormhole Patches Vulnerability
Wormhole has so far not commented on the developments but confirmed the attack on Twitter while also stating that it would be putting its network on maintenance mode as it investigated the attack. The protocol tweeted,
“The wormhole network is down for maintenance as we look into a potential exploit. We will provide updates here as soon as we have them. Thank you for your patience.”
The protocol also shared a few details regarding the hack, stating that the network was exploited for 120k wETH. It stated that it would be adding ETH over the next few hours and ensure that wETH will be available 1:1. A few hours later, the protocol took to Twitter again to assure users that it had patched the vulnerability, with the team working on getting the network back up and running.
An Emerging Trend
Tal Be’ery, ZenGo CTO, stated that the hack was part of an emerging trend where hackers have been exploiting vulnerabilities in blockchain bridges. A week ago, Qubit Finance was subject to a similar hack where a hacker stole $80 million. Speculation is rife that the Wormhole hack is probably the largest hack involving a cryptocurrency platform during the year and the second-largest hack of a Decentralized Finance platform.
Wormhole Issues Appeal
Wormhole, on its part, issued an appeal to the hacker, asking them to return the stolen funds in exchange for a $10 million reward and a whitehat contract. This means that Wormhole would not be filing any criminal complaint or action against the hacker. However, it is important to remember that authorities could still decide to go after the hacker in any case, irrespective of Wormhole refusing to pursue the matter.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Source: https://cryptodaily.co.uk/2022/02/hacker-steals-over-323-million-worth-of-eth-from-cross-chain-protocol-wormhole