The Cross-chain protocol, Wormhole, was the victim of a large hack. The attacker exploited a weakness in the protocol and stole roughly $323 million in Ethereum (ETH). Wormhole functions as a link between the Ethereum and Solana blockchains, enabling users to exchange one cryptocurrency for another.
Diving Into The Hack Details
As of yet, it is uncertain how the hacker managed to attack the protocol. However, some evidence shows that the hacker took advantage of a procedure by which the bridge turns an input cryptocurrency into a temporary token. Furthermore, you may then change this into the desired output currency.
When the hacker utilized the same approach to deceive the protocol into releasing Solana and Ethereum tokens, the output was astonishing. The protocol released considerably more output tokens than the hacker had initially given. As a result, the hacker successfully stole ETH worth $322.8 million. Despite this, price changes have caused the value of the stolen cryptocurrency to decline to $294 million.
A Twitter thread by Kelvin Fichter went into further detail about the hack. Fitcher explains how the hacker discovered a weakness and used it to drain the Ethereum network’s reserves.
Alright. I figured out the Solana x Wormhole Bridge hack. ~300 million dollars worth of ETH drained out of the Wormhole Bridge on Ethereum. Here’s how it happened.
— smartcontracts (@kelvinfichter) February 3, 2022
Wormhole’s Perspective About The Hack
Wormhole confirmed the hack they experienced on Twitter without adding any further comments for this issue regarding it. However, they stated that they would put their network in maintenance mode to investigate the attack.
In addition, the protocol provided some more information on the hack, noting that the hacker stole 120k wETH tokens. According to the company’s statement, they would add ETH over the upcoming hours. Furthermore, they state that they will make sure wETH is available to trade 1:1 with ETH. Later on, the protocol posted a tweet claiming that they found and fixed the vulnerability. Also, it emphasized that the team was working on restoring service to the network as soon as possible.
On the other hand, Wormhole tried to negotiate with the hacker. It offered the hacker a $10 million reward and a whitehat contract in exchange for returning the stolen cash. Henceforth, Wormhole will not take any legal action against the hacker. However, it is vital to keep in mind that the hacker might still be pursued by the police regardless of Wormhole’s decision.
Hacking, A New Common Trend
Recently, there were several news articles reporting hacker attacks. According to the CTO of ZenGo, Tal Be’ery, hackers have been attacking weaknesses in blockchain bridges. In the past week, a similar attack occurred on Qubit Finance, which resulted in the theft of $80 million. As per the record, Wormhole has been hacked more than any other cryptocurrency platform this year. It is also thought to be the second-largest hack of a DeFi platform.