Blockchain bridge Wormhole confirms that exploiter stole $320 million worth of crypto assets

Wormhole, a popular cryptocurrency platform that offers bridges between multiple blockchains, announced on Twitter that it noticed an exploit. The attacker apparently exploited the bridge between the Ethereum and Solana blockchains. It redirected around $320 million worth of ETH to crypto wallets that don’t belong to the Wormhole team.

A bridge is a combination of smart contracts that facilitate interoperability and transactions between different blockchains. Users typically use a web app to take advantage of a bridge. They connect their wallet with the web app and then initiate a transaction.

Once the transaction is confirmed on the origin blockchain, crypto assets are released on the destination blockchain and transferred to the user wallet.

Yesterday, Wormhole took down its website. “The wormhole network is down for maintenance as we look into a potential exploit,” the team wrote on Twitter

Crypto analysts quickly noticed two suspicious transactions. The exploiter seemingly found an exploit and stole 120,000 ETH from Wormhole’s reserve of “wrapped” ETH on the Solana blockchain.

Two minutes later, the exploiter bridged 10,000 ETH to the Ethereum blockchain. 22 minutes later, another 80,000 ETH transaction occurred on the Ethereum blockchain. Once again, it seems like the exploiter moved some of its stolen assets to an Ethereum wallet.

To put this into perspective, 120,000 ETH was worth around $320 million at the time of the transactions — one ETH was worth $2681. ETH is currently trading at $2622 at the time of this article, down 2.2% since the exploit.

The Wormhole team later confirmed the exploit. “The wormhole network was exploited for 120k wETH,” the team wrote on Twitter.

In another tweet, Wormhole said that “the vulnerability has been patched.” The bridge is still down as I’m writing this.

It’s unclear what’s going to happen next with the stolen assets. Wormhole initiated a transaction to the exploiter with a note. The Wormhole team is willing to offer $10 million in exchange for the stolen assets. It’s going to be a weird decision.

This is the Wormhole Deployer:

We noticed you were able to exploit the Solana VAA verification and mint tokens. We d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you ve minted. You can reach out to us at contact@certus.one

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter