The hacker responsible for the $321 million Wormhole bridge hack was initially considered qualified for a recent airdrop of a newly launched W token where the explorer could claim $50,000.
The Wormhole bridge suffered an exploit in February 2022, making it one of the most significant hacks in the crypto industry’s history.
Wormhole Airdrop Lists Hacker as Eligible
On April 3, Wormhole announced its airdrop of more than 675 million W tokens, worth about $850,000 at current prices, to eligible users.
A day later, Pland, a pseudonymous researcher, claimed that the Wormhole team overlooked excluding certain wallet addresses associated with an exploit that resulted in hackers stealing $321 million in cryptocurrency from the cross-chain bridge.
Wormhole forgot to exclude the exploiter from the airdrop pic.twitter.com/xkkpDz9RAl
— Pland (@Pland__) April 3, 2024
According to data from the Solana-based airdrop checker airdrop.link, four wallet addresses were temporarily permitted to claim Wormhole’s airdrop. Had the hacker chosen to claim their airdrops, they would have been entitled to approximately 31,642 Wormhole (W) tokens, valued at around $50,000 based on current prices.
However, investigations on airdrop.link revealed that these wallet addresses were no longer eligible, indicating that the Wormhole team might have already addressed the issue.
Meanwhile, the W token opened at $1.66 on the Solana-based decentralized exchange (DEX) OpenBook, with a market capitalization of $3 billion and a fully diluted value of $16.5 billion, as reported by CoinGecko. Following its release, OpenBook encountered significant congestion, leading to reports of inaccessibility from several users.
The tokens released constitute 6% of the total supply, with an additional 12% allocated to core contributors and 23.3% earmarked for the foundation’s treasury. Initially launched on Solana, the token will be natively issued on Ethereum and layer-2 networks later.
Wormhole Hack Vulnerability Exploited
In 2022, an exploiter exploited a vulnerability on the Wormhole liquidity bridge connecting the Ethereum and Solana blockchains, losing 120,000 wrapped ether.
After suffering an exploit, Web3 infrastructure firm Jump Crypto and decentralized finance (DeFi) platform Oasis.app executed a ‘counter exploit’ on the Wormhole protocol hacker in February 2023. These entities successfully recovered $225 million in digital assets from the wormhole exploiter and returned them to secure wallets.
Since the hack, the company has improved its security and even announced two bug bounty programs, each offering $2.5 million in rewards to encourage identifying and submitting potential vulnerabilities for patching. In addition, multiple third-party firms conducted audits to address critical issues in Wormhole’s system.