Wormhole portal, a web-based platform that lets users convert one crypto to another, was hacked earlier Wednesday, with the attacker getting away with approximately $325 million worth of Ether. The attacker is believed to have tricked the ‘smart contracts’ feature of the portal into tricking it into releasing more ETH and SOL coins than the provided input.
Overall, the exploit allowed the attacker to extract 120,000 wrapped ETH on the Solana blockchain, out of which 93,750 ETH has already been transferred to the Ethereum blockchain. The vulnerability has been fixed at the time of writing, and Wormhole is trying to get the network back up and running.
Wormhole has offered the attacker $10 million in bounty and a whitehat contract, meaning the company most likely won’t pursue any criminal action against them. The message was embedded in an Ethereum transaction sent to the attacker’s wallet.
What’s going on with the blockchain?
Platforms like Wormhole are called blockchain bridges, allowing users to convert particular crypto to another. Wormhole is a DeFi portal that uses smart contracts on the Ethereum blockchain to convert the input crypto into a temporary token, which is then converted to the final crypto.
News of the hack has caused some price fluctuations in the crypto market, dropping the attacker’s total stolen worth to about $294 million. The company has acknowledged the incident and has put its site in maintenance mode as it investigates the issue.
According to data from the DeFiYield project, if the amount stolen is confirmed, this will likely be the largest cryptocurrency hack this year and the second-largest for a DeFi platform.
DeFi and crypto platforms, in general, have been victims of a rising number of cyber-attacks recently. On January 27, Qubit Finance, another DeFi platform, was hacked, which resulted in the attacker stealing $80 million from the company. On January 17, Crypto.com was hacked as well. The attack ended up costing them over $35 million, with 483 user accounts being impacted.
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.