Yesterday, attackers leveraged a vulnerability in the Wormhole cryptocurrency platform and stole approximately $321 million in wETH (wrapped Ethereum).
The attack impacted Wormhole Portal, a blockchain bridge where users can conveniently exchange various types of cryptocurrency into other tokens.
Wormhole disclosed the attack yesterday at 3:42 PM EST and shut down the platform to investigate. The perpetrators minted and stole 120,000 wETH tokens on the Solana blockchain. Reportedly, attackers converted 80,000 of the stolen wETH tokens to Ethereum and started to sell the remainder on the Solana blockchain.
In the same announcement, the DeFi company said it’s adding ETH to the Wormhole network to ensure that wETH is backed 1:1.
A Wormhole representative reached out to the attacker’s address with a $10 million bug bounty offer and a “Whitehat agreement,” in exchange for returning the funds. However, the legitimacy of the contract varies depending on the jurisdiction, which means that authorities might still have to go after the perpetrator.
This is the Wormhole Deployer:
We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted. You can reach out to us at [email protected]
Wormhole is an online platform that lets users transfer various types of cryptocurrency across different blockchains, including Binance Smart Chain, Ethereum, Solana, Polygon, Avalanche, Oasis, and Terra.
Bridge portals like Wormhole rely on “smart contracts” on the Ethereum blockchain. The contracts temporarily lock the original cryptocurrency and mint a wrapped version of the user’s desired token.
The Wormhole network exploit is one of the most expensive attacks and comes just a week after a similar attack hit Qubit, another blockchain bridge, for $80 million. A study finds that cybercriminals laundered $8.6 billion worth of cryptocurrency from cyberattacks and other illegal activities in 2021.
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsNovember 14, 2024
September 06, 2024