Here’s How DeFi Project Lost $320 Million In Ether


An expensive bugA prescient warning?

Wormhole, a bridge connecting Solana to other popular blockchains, has been robbed of $320 million worth of packaged Ethereum (wETH), which has undergone the second-largest hack in the decentralized financial space.

The project quickly recognized the incident in a tweet.

Wormhole developers have come up with a whitehat deal for the hacker, where they get a $10 million bounty.

As reported by U.Today, PolyNetwork, which was dealing with the largest DeFi hack to date, managed to return all of its stolen funds in August after weeks of negotiations with the attacker.

An expensive bug

In a recent thread, developer Kelvin Fichter explains that the attacker hit wETH on Solana and pulled it back to the Ethereum blockchain.

The hacker was able to exploit a bug in Wormhole’s verification feature by using a fake system program to cover up the fact that the signature check had not been performed.

After fraudulently tricking the system into hitting wETH on Solana, the attacker brought it back to Ethereum.

Wormhole says the vulnerability has since been patched.

A prescient warning?

Ethereum Co-Founder Vitalik Buterin recently warned about the security vulnerabilities of centralized cross-chain bridges in a lengthy Reddit post published last month, claiming they were at high risk of a 51% attack.

However, Jonathon Wu, growth leader at Aztec Network, points out that the Wormhole hack amounts to a smart contract bug, so Buterin’s warning may not apply in that particular case.

Leave a Reply

Your email address will not be published.