Wormhole Hacked And Funds Restored
The Wormhole bridge linking the Ethereum and Solana blockchains suffered an exploit that resulted in $320 Million being stolen from the platform.
The exploit was marked as the second-largest decentralized finance (DeFi) hack after the Poly Network hack last year.
The platform has announced that it has managed to restore the stolen funds. The bridge usually serves using an escrow, where the number of wrapped Ethereum (wETH) tokens held is equal to the ETH held. However, the attack caused an imbalance.
Jump Crypto Helps Restore Stolen Funds
The Wormhole bridge uses wrapped Ethereum to access the Ethereum and Solana blockchains. The value of wETH is pegged to the value of Ethereum and users that want to use the bridge have to buy ETH first that they can later swap with wETH.
A tweet released by Wormhole has stated that the funds stolen during the exploit had been restored and that the platform had returned to normalcy. It also noted that all the wETH had been backed up 1:1.
Many in the cryptocurrency space found it curious that Wormhole was able to replace the stolen funds so quickly. Until recently, it was kept secret that high speed crypto trading firm Jump Crypto actually provided the replacement ETH.
The attack resulted in a significant loss for Wormhole. The platform sent a message to the attacker via the Ethereum blockchain, asking them to restore the stolen funds and receive a bounty.
“This is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement and present you a bug bounty of $10 million for exploit details and returning wETH you’ve minted,” the message read.
A short time later, the platform tweeted another post saying that the network was down for maintenance as it investigated a potential exploit into the network.
Afterwards, the platform confirmed the details of this exploit on Twitter by assuring users that normalcy would be restored. It added that Ethereum would be added to the network over the next hours until the escrow is fully backed.
The exploit has elicited mixed reactions across the crypto community as it was done on Solana’s side. Solana has suffered around six outages in four months, raising questions about the security of the blockchain.
Additionally, Ethereum’s co-founder, Vitalik Buterin, had previously warned about vulnerabilities in multi-chain bridges.
According to Elliptic, a blockchain analytics site, this exploit happened due to the failure of Wormhole to validate its “guardian accounts.” This allowed the attacker to mint 120,000 wETH not backed by Ethereum. The hacker changed 93,750 wETH into Ethereum and converted the rest to Solana.
Cross Chain Bridge Hacks
The number of attacks on cross-chain bridges has increased significantly in recent weeks.
Last week, a DeFi protocol, Qubit, also suffered a similar exploit that resulted in $80 Million being stolen from the platform.
Multichain, a cross-chain router protocol, was also exploited recently and $3 Million was stolen from the platform. The exploit was done by multiple hackers, but one whitehat refunded $900,000 to the protocol. The rest of the funds have not been returned.
This trend shows that vulnerabilities on cross-chain platforms have become a target for DeFi hackers.