Ibukun is a crypto/finance writer interested in passing relevant information, using non-complex words to reach all kinds of audience. Apart from writing, she likes to see movies, cook, and explore restaurants in the city of Lagos, where she resides.
The hack on Wormhole Bridge happened around 6:24 pm UTC, with the attacker minting 120,000 wETH on Solana.
After several attacks in the crypto space in 2021, which resulted in huge losses, Wormhole Bridge has seen the largest hack so far in 2022. On the 2nd of February, a thief leveraged a vulnerability on the Wormhole crypto platform to steal $322 million worth of ETH. Apart from being the largest crypto hack since the year started, the Wormhole Bridge attack is the second-largest DeFi hack to date. Wormhole allows users to move their tokens and non-fungible tokens (NFTs) between Solana and Ethereum. The protocol also allies the sending and receiving of crypto between Oasis, Terra, BSC, and Polygon without involving a centralized exchange (CEX).
The attack occurred on the Solana side of the bridge, and there are currently concerns that the bridge to Terra may also be vulnerable. Smart contract auditing firm Certik reported that “it is possible that Wormhole’s bridge to the Terra blockchain shares the same vulnerability as their Solana bridge.” Wormhole addressed the attack in a tweet, saying:
“The wormhole network was exploited for 120k wETH. ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly. We are working to get the network back up quickly. Thanks for your patience.”
A few hours later, the interoperability protocol added that it has fixed the vulnerability and is still working on getting the network back up soon.
Wormhole Sees Largest Hack So Far in 2022
The hack on Wormhole Bridge happened around 6:24 pm UTC, with the attacker minting 120,000 wETH on Solana. Less than five minutes later, the thief moved to redeem 93,750 wETH for ETH worth $245 million onto the Ethereum network. Since the attack, the hacker has used parts of the funds to buy Meta Capital (MCAP), SportX (SX), and Finally Usable Crypto Karma (FUCK). The attacker also proceeded to purchase Bored Ape Yacht Club Token (APE).
In reaction, Wormhole developers have attempted to reach the hacker through a blockchain message. The team offered to allow the attacker to keep $10 million worth of the stolen funds if the person returned the remaining.
“This is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted. You can reach out to us at [email protected]”
The Wormhole Bridge hack is the second smart contract in the past week. Qubit’s QBridge protocol lost $80 million in another high-profile attack.