Cryptocurrency platform was attacked and exploited, more than 300 million USD disappeared without a trace

The cryptocurrency world was shocked once again when on Wednesday, a blockchain portal called Wormhole reported that it had been hacked and had more than 300 million USD worth of money stolen from the platform. This is considered the fourth largest theft of digital currency in the history of this field, after Mt. Gox, Coincheck and, more recently, PolyNetwork and could lead to the bankruptcy of many stakeholders.

Basically, Wormhole is a DeFi cross-chain protocol, which is a bridge that allows users to transfer digital money between blockchains, including the Ethereum and Solana networks. It works by holding user tokens in a smart contract on the original chain and then generating a wormhole "wrapped" token on the target chain. These wrapped tokens can then be exchanged for native tokens on the destination chain, making it possible to exchange digital currency between chains.

However, somehow, the hacker found a flaw in this process to trick Wormhole into thinking that a smart contract was created for the amount of 120,000 wETH (each wETH is equal to 1 ETH, equivalent to 1 ETH). $320 million at time of loss) needs to be "wrapped" on the destination chain which is Solana. Of course, since no such amount appeared on the original chain, this wrapped token was withdrawn from Wormhole's wallet.

Needless to say, this incident caused a mass panic on Twitter, despite the platform's attempt to defuse the situation. Wormhole occupies a significant market share among the current DeFi cross-chain protocols, representing a link between the Solana ecosystem and other decentralized networks for asset exchange.

With the possibility of using technical means to recover lost money is extremely low, Wormhole is offering a $10 million reward to the hacker for "discovering a vulnerability" in exchange for the stolen money. The same tactic was used by DeFi platform PolyNetwork last year when it was hacked and stolen $600 million – but the hacker really just wanted to warn the platform about the vulnerability, rather than steal the money.

While it's unclear if the hacker is happy with the bounty, Wormhole surprised everyone by announcing this past Thursday - the day after the hack - that everything is back to normal: The vulnerability has been restored. patched and any stolen funds "recovered".

As it turns out, it was Jump Crypto, Wormhole's parent company, who repaid the stolen funds to the platform to prevent a chaotic and terrible collapse. Obviously, the $ 10 million bonus that Wormhole awarded does not satisfy hackers when they have more than 300 million USD in assets.

While DeFi is arguably an important kind of foundation for the crypto-and-blockchain dream, there is growing evidence that it is one of the ways to lose the most money. Among the largest cryptocurrency losses of 2021, it is not surprising that DeFi is taking a significant position.

Lesley Montoya

Update 05 February 2022