Wormhole Protocol hacked: Attacker walks away with $320M 

Key Takeaways

• DeFi bridge protocol Wormhole has been subject to a hack, losing $320 million in the process
• Last week hackers stole $80 million from DeFi protocol Qubit Finance

YEREVAN (CoinChapter.com)- Wormhole protocol, one of the largest bridges between Solana and other blockchains, stands hacked.

According to reports, attackers have successfully robbed the network of about 12,000 ETH. That amounts to about $320 million in fiat currency terms, making it the second-largest in the decentralized finance (DeFi) space to date. Earlier, on Aug. 10, 2021, Poly Network had lost $610 million to some good-hearted hackers, mainly because they received the stolen amount back.

Wormhole has not been that lucky so far. The protocol’s official Twitter handle confirmed the attack in a tweet late Wednesday:

The wormhole network was exploited for 120k wETH.

ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly.

We are working to get the network back up quickly. Thanks for your patience.

— Wormhole (@wormhole) February 2, 2022

Prior to the confirmation, Wormhole had also announced that it had taken the network down for maintenance to “look into a potential exploit.”

According to the protocol’s website, Wormhole is a generic message-passing protocol that connects to multiple chains, including Ethereum, Solana, Terra, Binance Smart Chain, Polygon, Avalanche, and Oasis.

Wormhole also has over $1 billion in total value locked, according to Blockworks.

Based on the data available on Etherscan, the hacker used three transactions to complete the hack and transfer the stolen funds.

According to analysis from CertiK, the attacker invoked the complete_wrapped instruction with the spoofed inputs ‘ctx,’ ‘accs,‘ and ‘data’ to successfully trigger and mint Wormhole ETH for themselves.

#IncidentAnalysis

The investigation inside Wormhole Bridge

The attacker invoked the complete_wrapped instruction with the spoofed inputs `ctx`, `accs` and `data`

The instruction does not perform complete verification on the correctness of the input `ctx`, `accs`, and `data`. pic.twitter.com/IQAEqvphBO

— CertiK Skynet Rating (@CertiKCommunity) February 3, 2022

Recommended: Crypto.com hack – 400 accounts were compromised confirms CEO Kris Marszalek

Wormhole reaches out to the hacker 

Hoping to replicate the case of Poly Network, when the hacker returned the $610 million in exploits, Wormhole reached out to the attacker. According to the on-chain data, Wormhole offered the hacker a reward of $10 million if they returned the tokens. 

“This is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted. You can reach out to us at [email protected],” 

the message reads.

The vulnerability has been patched.

We are working to get the network back up as soon as possible.

— Wormhole (@wormhole) February 3, 2022

Meanwhile, Wormhole confirmed that they have since fixed the coding security bridge on Thursday. However, we will have to wait to see if the hacker takes the $10 million whitehat reward offer and returns the funds. 

As early as last week, decentralized finance protocol Qubit Finance also fell victim to a hack resulting in losses amounting to $80 million. The platform has offered $2 million in rewards to the hacker if they return it. As of now, the exploiter still holds the funds.

pic.twitter.com/G1WOMglVUU

— Qubit Finance (@QubitFin) January 28, 2022

According to a report by blockchain research firm CertiK, hackers stole over $1.3 billion in 44 different DeFi hacks in 2021.