Hackers hacked Wormhole, a bridge between Solana and other blockchains, stealing $320 million in the second-largest DeFi hack ever
In August last year, we wrote about a DeFi theft involving Polygon after hackers exploited the interoperability protocol on Binance Smart Chain stealing more than $600 million from at least three wallet addresses. The exploit was the largest DeFi hack ever reported. A day later, the hacker group returned $260 million of the $600 million stolen back to the crypto platform.
Fast forward six months later, the hackers have struck again, this time hacking Wormhole, one of the biggest bridges between Solana and other blockchains. The wormhole breach is worth around $320 million, or 120,000 ETH potentially stolen, making it the second-largest DeFi hack to date, according to a report from Blockworks,
In a post on Telegram group, a Wormhole admin who goes by the username d231d, wrote: “As far as we can tell now, only wETH has been affected, no other tokens.” The admin added that the portal bridge is down and asked members not to initiate further transactions.
Meanwhile, The protocol offered the hacker a bounty of $10 million for details on the exploit and return of the stolen wrapped ether. The network has over $1 billion in total value locked and supports six blockchains: Terra, Solana, Ethereum, Binance Smart Chain, Avalanche, and Polygon.
In a tweet Wednesday evening, the interoperability protocol confirmed the exploit saying “ETH will be added over the next hours to ensure wETH is backed 1:1,” the protocol wrote. “More details to come shortly. We are working to get the network back up quickly.”
The wormhole network was exploited for 120k wETH.
ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly.
We are working to get the network back up quickly. Thanks for your patience.
— Wormhole (@wormhole) February 2, 2022
While it’s still unknown how the hacker managed to exploit the network, the breach took place over three different transactions around 2:00 pm EST on Wednesday, according to Etherscan data.
During the period, some users reported stuck transactions, but the admin said that “as soon as the network is back up, you will be able to redeem the tokens you sent into the bridge.”
Wormhole sent an on-chain message to the hacker about an hour after the exploit, offering a reward for the return of the tokens.
“We noticed you were able to exploit the Solana VAA verification and mint tokens,” the message said. “We’d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted.”