Online Thieves Steal $320m from Crypto Firm Wormhole

Yet another cryptocurrency firm is offering a multimillion-dollar ‘bug bounty’ reward to those who hacked it after suffering a cyber-heist worth an estimated $322m.

Wormhole operates what’s known as a cross-blockchain bridge, enabling holders of certain cryptocurrencies to transfer tokens, data and other assets between siloed blockchains. It offers this service to bridge Ethereum, Solana, BSC, Polygon, Avalanche, Oasis and Terra.

In a brief statement late yesterday, the firm tweeted that its network was down while it investigated a potential exploit.

Then came the news that users were dreading: Wormhole confirmed that attackers stole 120,000 Ethereum tokens worth over $320m.

However, the firm claimed that it would be adding more Ethereum to its platform “over the next hours” to ensure any assets it owns are backed 1:1. The fear is that without this backing, various Solana users and platforms would be helpless.

A security researcher going by the handle “samczsun” on Twitter has a detailed write-up of the attack here, having reverse-engineered the exploit. The hacker exploited a vulnerability on the Wormhole platform, enabling them to pocket new wrapped Ethereum (wETH) without needing to deposit any in return.

WETH is a version of Ethereum designed to be exchanged with other Ethereum-based tokens and has the same value as ETH.

Just like Qubit Finance a few days ago, Wormhole has reached out to its attacker, offering a massive $10m reward for finding the bug.

“We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a white hat agreement, and present you a bug bounty of $10m for exploit details, and returning the wETH you’ve minted,” it said in a message on the Ethereum blockchain.

The audacious cyber-heist makes this easily the biggest theft of cryptocurrency so far this year and the largest such incident targeting cross-blockchain bridges.

In its most recent update, Wormhole claimed the vulnerability had now been patched, and it was working on getting the network back up and running.

What’s Hot on Infosecurity Magazine?