Main navigation

Here's How DeFi Project Lost $320 Million Worth of Ether

News
Thu, 02/03/2022 - 08:00
article image
Alex Dovbnya
Yet another major DeFi project bites the dust
Here's How DeFi Project Lost $320 Million Worth of Ether
Cover image via stock.adobe.com
Read U.TODAY on
Google News
Contents

Wormhole, a bridge that links Solana with other popular blockchains, has been robbed of $320 million worth of wrapped Ethereum (wETH), suffering the second-biggest hack in the decentralized finance space on record.

The project quickly acknowledged the incident in a tweet.

Wormhole developers have come up with a whitehat agreement for the hacker, offering them a $10 million bounty.

As reported by U.Today, PolyNetwork, which suffered the biggest DeFi hack to date, managed to successfully return all of its stolen funds in August after weeks of negotiation with the attacker.

An expensive bug

In a recent thread, developer Kelvin Fichter explains that the attacker minted wETH on Solana and withdrew it to the Ethereum blockchain.

The hacker was able to exploit a bug in Wormhole's verification function, using a fake system program to obfuscate the fact that the signature check had not been executed.

After fraudulently tricking the system into minting wETH on Solana, the attacker bridged it back to Ethereum.

Wormhole says that the vulnerability has now been patched.

Related
Scandal-Ridden DeFi Project Wonderland Shuts Down as Price Tanks

A prescient warning?

Ethereum co-founder Vitalik Buterin recently warned about the security vulnerabilities of centralized cross-chain bridges in a lengthy Reddit post published last month, claiming that they were at great risk of a 51% attack.

Jonathon Wu, growth lead at Aztec Network, however, points to the fact that the Wormhole hack boils down to a smart contract bug, which is why Buterin's warning might not apply in that particular case.

article image
About the author

Alex Dovbnya (aka AlexMorris) is a cryptocurrency expert, trader and journalist with extensive experience of covering everything related to the burgeoning industry — from price analysis to Blockchain disruption. Alex authored more than 1,000 stories for U.Today, CryptoComes and other fintech media outlets. He’s particularly interested in regulatory trends around the globe that are shaping the future of digital assets, can be contacted at alex.dovbnya@u.today.