Skip to content

Wormhole crypto bridge exploited for 120k Ethereum coins worth $325 million

  • by
  • 2 min read

Wormhole portal, a web-based platform that lets users convert one crypto to another, was hacked earlier Wednesday, with the attacker getting away with approximately $325 million worth of Ether. The attacker is believed to have tricked the ‘smart contracts’ feature of the portal into tricking it into releasing more ETH and SOL coins than the provided input.

Overall, the exploit allowed the attacker to extract 120,000 wrapped ETH on the Solana blockchain, out of which 93,750 ETH has already been transferred to the Ethereum blockchain. The vulnerability has been fixed at the time of writing, and Wormhole is trying to get the network back up and running.

Wormhole has offered the attacker $10 million in bounty and a whitehat contract, meaning the company most likely won’t pursue any criminal action against them. The message was embedded in an Ethereum transaction sent to the attacker’s wallet. 

In the News: Fake job postings stealing money and information; FBI issues warning

What’s going on with the blockchain?

Platforms like Wormhole are called blockchain bridges, allowing users to convert particular crypto to another. Wormhole is a DeFi portal that uses smart contracts on the Ethereum blockchain to convert the input crypto into a temporary token, which is then converted to the final crypto. 

News of the hack has caused some price fluctuations in the crypto market, dropping the attacker’s total stolen worth to about $294 million. The company has acknowledged the incident and has put its site in maintenance mode as it investigates the issue. 

Cryptocurrency: Difference between a Hard fork and Soft fork

According to data from the DeFiYield project, if the amount stolen is confirmed, this will likely be the largest cryptocurrency hack this year and the second-largest for a DeFi platform. 

DeFi and crypto platforms, in general, have been victims of a rising number of cyber-attacks recently. On January 27, Qubit Finance, another DeFi platform, was hacked, which resulted in the attacker stealing $80 million from the company. On January 17, Crypto.com was hacked as well. The attack ended up costing them over $35 million, with 483 user accounts being impacted. 

In the News: 23 critical UEFI vulnerabilities found impacting at least 25 computer brands

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>