A vulnerability in Wormhole, a cryptocurrency platform that allows users to convert one token into another, has been exploited by attackers who managed to “mint” some 120,000 wETH, or Wrapped Ether, on the Solana network.
In layman’s terms, a “wrapped” token is one that does not reside on its native blockchain (for example, bitcoin can only be shared on the Ethereum network if it’s wrapped).
Of those 120,000 wETH, the attackers transferred 93,750 Ether back to its native platform - at the time of going to press, the value of wETH is around $318 million, while the value of the transferred Ether is $248 million
Too late to patch
Since the disclosure of the attack, Wormhole’s developers have taken the network down and patched up the flaw.
deBridgeFinance co-founder, Alex Smirnov, claims the developers actually spotted the vulnerability earlier, and had a patch ready, but did not have enough time to deploy it. This wasn’t a malware issue, and no endpoints in the network were compromised.
Wormhole took to social media to offer the attackers a “whitehat contract” and a $10 million bounty reward for discovering the flaw, if they return all of the funds. A whitehat contract would mean there would be no criminal investigation into the attack. However, as The Record reports, chances are the law enforcement will get involved, either way.
Furthermore, the organization says it will add more funds to the platform, to “ensure wETH is backed 1:1”. We don’t know where the funds would come from.
Wormhole acts as a bridge from Solana towards multiple chains, including Ethereum, Terra, Binance Smart Chain, Polygon, Avalanche, and Oasis. In total, it has more than $1 billion locked.
With respect to the number of tokens stolen in the attack, the Wormhole breach will most likely become the second-largest Decentralized Finance (DeFi) platform attack of all time, and the biggest one this year. It’s only February, though.
- You might also want to check out our list of the best firewalls right now
Via: The Record
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.