Back to the list

Crypto Bridge Wormhole Replenished After Hack for $320M in Ethereum

source-logo  decrypt.co 03 February 2022 14:17, UTC

Wormhole, a popular cross-chain crypto bridge between Solana, Ethereum, Avalanche, and others, has restored its missing funds after a hacker yesterday managed to siphon $320 million in Wrapped Ethereum (wETH) out of the protocol.

wETH in Wormhole is a cryptocurrency pegged to the price of Ethereum but interoperable with other networks. To create wETH, users must first stake Ethereum.

The Wormhole team announced on Twitter today that "All funds have been restored and Wormhole is back up." In a follow-up tweet, they said they fixed the vulnerability shortly after midnight UTC, and "all wETH are backed up 1:1" as of 13:08 UTC.

The team is working on a detailed incident report and will share it asap

18:26 UTC - contract was exploited for 120k ETH

00:33 UTC - vulnerability was patched

13:08 UTC - ETH contract has been filled and all wETH are backed 1:1

13:29 UTC - the Portal (token bridge) is back up

— Wormhole🌪 (@wormholecrypto) February 3, 2022

Blockchain analytics site Elliptic concluded that the exploit was due to Wormhole's failure to validate "guardian" accounts, resulting in the attacker being able to mint 120,000 wETH with no ETH backing it. 

The hacker then exchanged 93,750 wETH for Ethereum and changed the remainder for Solana, which they've left untouched in their Solana wallet.

Who restored the funds?

After Wednesday's hack, Wormhole sent a message to the attacker on the Ethereum blockchain. 

It said: "This is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. We d [sic] like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you've minted."

Half an hour later, the team tweeted that Wormhole was "down for maintenance as we look into a potential exploit."

‼️ The wormhole network is down for maintenance as we look into a potential exploit.

📢 We will provide updates here as soon as we have them.

🙏 Thank you for your patience.

— Wormhole🌪 (@wormholecrypto) February 2, 2022

Wormhole then broke news of the exploit on Twitter, adding, "ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly."

The wormhole network was exploited for 120k wETH.

ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly.

We are working to get the network back up quickly. Thanks for your patience.

— Wormhole🌪 (@wormholecrypto) February 2, 2022

Cross-chain attacks

Attacks on cross-chain bridges are multiplying as more blockchains become popular. Last week, a cross-chain bridge in DeFi protocol Qubit was hacked for $80 million.


The week before that, $3 million was drained by multiple hackers attacking cross-chain router protocol Multichain. A whitehat hacker later returned $900,000 of it, but the rest is still unaccounted for. 

Clearly, cross-chain vulnerabilities have to be addressed if this is not to become a weekly occurrence.