In Second Largest DeFi Hack Ever, Blockchain Bridge Loses $320M Ether

The network has over $1 billion in total value locked and supports six blockchains: Terra, Solana, Ethereum, Binance Smart Chain, Avalanche and Polygon

article-image

Blockworks exclusive art by Axel Rangel

share

key takeaways

  • “As far as we can tell now, only wETH has been affected, no other tokens,” a Wormhole admin wrote on Telegram
  • The protocol offered the hacker a bounty of $10 million for details on the exploit and return of the stolen wrapped ether

Wormhole, one of the largest bridges between Solana and other blockchains, has been hacked for about $320 million, or 120,000 ether — making it the second largest DeFi hack to date. 

The interoperability protocol confirmed the exploit in a tweet Wednesday evening.

“ETH will be added over the next hours to ensure wETH is backed 1:1,” the protocol wrote. “More details to come shortly. We are working to get the network back up quickly.”

Wormhole said earlier that the network was down for maintenance. Its website stated “Portal is Temporarily Unavailable” at the time of publication.

The exploit comes after hackers made off with $80 million from decentralized finance protocol Qubit Finance last week. 

Wormhole is a protocol that allows users to bridge assets across blockchains. It has over $1 billion in total value locked and supports six blockchains: Terra, Solana, Ethereum, Binance Smart Chain, Avalanche and Polygon. 

When a user transfers assets from one blockchain to another, the bridge steps in to lock the transaction and mint a wrapped version, such as wrapped ether (wETh), to its final chain.

“As far as we can tell now, only wETH has been affected, no other tokens,” a Wormhole admin, who goes by the username d231d, wrote in its Telegram group. The admin added that the portal bridge is down and asked members not to initiate further transactions.

Some users reported stuck transactions, but the admin said that “as soon as the network is back up, you will be able to redeem the tokens you sent into the bridge.”

The hacker transferred the stolen tokens from Wormhole to their wallet.

While it’s not known how the hacker exploited the network, it took place over three different transactions around 2:00 pm EST on Wednesday, according to Etherscan data

Wormhole sent an on-chain message to the hacker about an hour after the exploit, offering a reward for the return of the tokens. 

“We noticed you were able to exploit the Solana VAA verification and mint tokens,” the message said. “We’d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted.”

It’s not clear whether the exploiter responded to Wormhole. The protocol was not immediately available for comment.


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

AERODROME TEMPLATE.png

Research

Aerodrome is a "MetaDEX" that combines elements of various DEX primitives such as Uniswap V2 and V3, Curve, Convex, and Votium. Since its launch on Base, it has become the largest protocol by TVL with more than $495M in value locked, doubling Uniswap's Base deployment.

article-image

Also, former Valkyrie CEO lands new leadership role at Canadian investment firm Cypherpunk Holdings

article-image

This week’s biggest funding round saw Jump Trading, JPMorgan contribute to the round

article-image

Plus, a layer-1 for intellectual property is launching and Farcaster users peaked

article-image

Crypto still hasn’t shaken one of its most garish primordial tails — funny stories about fraud

article-image

Plus, publicly traded crypto companies had a pretty eventful news week

article-image

Committee members directed more questions to Christy Goldsmith Romero, who could soon be leading one of the more troubled federal agencies