An attacker exploited a vulnerability in the wormhole cryptocurrency platform to steal an estimated $ 322 million worth of Ethereum currency.
The attack took place early today and was affected Wormhole portal, Web-based application (also known as blockchain “bridge”). This allows users to convert one format of cryptocurrency to another.
The Bridge Portal uses the Ethereum blockchain’s “smart contracts” to convert input cryptocurrencies into temporary internal tokens. This token will later be converted to the output cryptocurrency desired by the user.
Attackers are believed to have exploited this process to trick the wormhole project into releasing it. Ethereum (ETH) When Solana (SOL) Coins far beyond the input they initially provided.
Attackers reportedly stole $ 322.8 million worth of crypto assets during the attack, dropping to $ 294 million due to price fluctuations following hacking news.
A wormhole spokesperson hasn’t responded to a request for comment on today’s incident, but the company today confirmed the attack on Twitter and launched the site. Maintenance mode While investigating the case.
Tal Be’ery, CTO of Cryptocurrency Wallet App ZenGo Those who warned The Record about wormhole attacks said hacking was part of a recent “exploit trend.” [blockchain] bridge. “
Just a week ago, when a hacker stole it, a similar attack was made against another blockchain bridge. $ 80 million from Qubit Finance..
After the wormhole officially confirms the amount of stolen funds, the incident could be the biggest hack of crypto platforms so far this year, Second largest hack According to data edited by the DeFiYield project, the decentralized finance (DeFi) platform to date
Wormhole offers hackers $ 10 million as a “bug bounty”
Like the Qubit hack, Wormhole is now attractive Send it to a hacker and ask them to return the stolen money in exchange for a $ 10 million reward and a “white hat contract.” This means that the platform will not file criminal charges against attackers.
but, As found by former Uber executivesSuch contracts that exempt hackers are not legal in certain jurisdictions and authorities may track attackers anyway.
