One of the biggest bridges between Solana and other blockchains, Wormhole, has been hacked to the tune of around $320 milion - or 120,000 ETH potentially stolen, which would make it the second largest DeFi hack to date, according to Blockworks.
In a Wednesday evening tweet, Wormhole confirmed the exploit, and pledged that "ETH will be added over the next hours to ensure wETH is backed 1:1." The company did not elaborate on where they would get the Ether.
The wormhole network was exploited for 120k wETH.— Wormhole🌪 (@wormholecrypto) February 2, 2022
ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly.
We are working to get the network back up quickly. Thanks for your patience.
The announcement came approximately 90 minutes after they announced that the wormhole network was "down for maintenance," as they "look into a potential exploit."
‼️ The wormhole network is down for maintenance as we look into a potential exploit.— Wormhole🌪 (@wormholecrypto) February 2, 2022
📢 We will provide updates here as soon as we have them.
🙏 Thank you for your patience.
As Blockworks explains:
Wormhole is a protocol that allows users to bridge assets across blockchains. It has over $1 billion in total value locked and supports six blockchains: Terra, Solana, Ethereum, Binance Smart Chain, Avalanche and Polygon.
When a user transfers assets from one blockchain to another, the bridge steps in to lock the transaction and mint a wrapped version, such as wrapped ether (wETh), to its final chain.
"This demonstrates once again that the security of DeFi services has not reached a level that is appropriate for the huge sums being stored within them," said Tom Robinson, co-founder of blockchain analysis firm Elliptic (via Bloomberg). "The transparency of the blockchain is allowing attackers to identify and exploit major bugs."
According to another forensics provider, TRM labs, around 96,000 of wETH tokens have been sent to the Ethereum blockchain.
"No onward movement yet, but we are tracking the situation," said TRM.
Wormhole developers offered the hacker a $10 million bug bounty for exploit details and the return of the funds.
Jump Trading Group announced in August that it bought Certus One, which helped develop Wormhole. Jump has said it is a founding code contributor to Wormhole. Certus One offers infrastructure services for proof-of-stake blockchains and has been an active participant in decentralized networks including Cosmos, Terra, Solana and next-generation Ethereum. -Bloomberg
"As far as we can tell now, only wETH has been affected, no other tokens," said a Wormhole admin who goes by d321d in a Telegram group, adding that the portal bridge is down before asking members to cease further action on the network.
More via Blockworks' Jacquelyn Melinek:
Some users reported stuck transactions, but the admin said that “as soon as the network is back up, you will be able to redeem the tokens you sent into the bridge.”
While it’s not known how the hacker exploited the network, it took place over three different transactions around 2:00 pm EST on Wednesday, according to Etherscan data.
Wormhole sent an on-chain message to the hacker about an hour after the exploit, offering a reward for the return of the tokens.
“We noticed you were able to exploit the Solana VAA verification and mint tokens,” the message said. “We’d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted.”