Wormhole Bridge Losses $322M in Recent Hack due to Vulnerability on Solana Side

Feb 3 2022 · 09:38 UTC by Ibukun Ogundare · 3 min read

The hack on Wormhole Bridge happened around 6:24 pm UTC, with the attacker minting 120,000 wETH on Solana.

After several attacks in the crypto space in 2021, which resulted in huge losses, Wormhole Bridge has seen the largest hack so far in 2022. On the 2nd of February, a thief leveraged a vulnerability on the Wormhole crypto platform to steal $322 million worth of ETH. Apart from being the largest crypto hack since the year started, the Wormhole Bridge attack is the second-largest DeFi hack to date. Wormhole allows users to move their tokens and non-fungible tokens (NFTs) between Solana and Ethereum. The protocol also allies the sending and receiving of crypto between Oasis, Terra, BSC, and Polygon without involving a centralized exchange (CEX).

The attack occurred on the Solana side of the bridge, and there are currently concerns that the bridge to Terra may also be vulnerable. Smart contract auditing firm Certik reported that “it is possible that Wormhole’s bridge to the Terra blockchain shares the same vulnerability as their Solana bridge.” Wormhole addressed the attack in a tweet, saying:

“The wormhole network was exploited for 120k wETH. ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly. We are working to get the network back up quickly. Thanks for your patience.”

A few hours later, the interoperability protocol added that it has fixed the vulnerability and is still working on getting the network back up soon.

Wormhole Sees Largest Hack So Far in 2022

The hack on Wormhole Bridge happened around 6:24 pm UTC, with the attacker minting 120,000 wETH on Solana. Less than five minutes later, the thief moved to redeem 93,750 wETH for ETH worth $245 million onto the Ethereum network. Since the attack, the hacker has used parts of the funds to buy Meta Capital (MCAP), SportX (SX), and Finally Usable Crypto Karma (FUCK). The attacker also proceeded to purchase Bored Ape Yacht Club Token (APE).

After making these purchases, the thief swaps the remaining wETH for Solana (SOL) and USDC. At the time of writing, the hacker’s Solana wallet holds 432,662.14 SOL, equaling $42,699,427.09.

In reaction, Wormhole developers have attempted to reach the hacker through a blockchain message. The team offered to allow the attacker to keep $10 million worth of the stolen funds if the person returned the remaining.

“This is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted. You can reach out to us at [email protected].”

The Wormhole Bridge hack is the second smart contract in the past week. Qubit’s QBridge protocol lost $80 million in another high-profile attack.

Altcoin News, Cryptocurrency News, News CoinGecko: 2024 Q1 Crypto Industry Report

By Steve Muchoki April 17th, 2024

The first quarter of 2024 saw the total crypto market cap gain over $1.1 trillion fueled by the historical approval of spot Bitcoin ETFs in the United States.

Altcoin News, Cryptocurrency News, News Coinbase Increases Support for Solana with SPL Token Integration

By Godfrey Benjamin April 17th, 2024

The move from different wallets to support SPL tokens suggests investors’ confidence and enthusiasm towards Solana products.

Cybersecurity News, News, Technology News Tom Holland’s X Account Hacked for Crypto Scam

By Chimamanda U. Martha April 17th, 2024

While the hackers were unsuccessful in their scheme, this is not the first time bad actors have hijacked celebrities’, important personalities’ and companies’ accounts on X to promote crypto scams.