Hackers have stolen about $320 million in cryptocurrency from Wormhole, a communication bridge linking Solana with other decentralized finance (DeFi) blockchain networks, its developers confirmed on Wednesdаy.
In a series of Twitter posts, developers said hackers had made off with 120,000 wETH, or wrаpped Ethereum; the equivalent of nearly $324 million in cryptocurrency—making it the second-largest DeFi hack to date.
“The wormhole network is down for maintenance as we look into a potential exploit,” developers said on Twitter late Thursday, adding that they would provide updates as and when available.
Wormhole is an interoperability protocol that acts like a bridge between assets and blockchains, allowing users to move cryptocurrencies seamlessly. The protocol supports six high-value blockchains: Terra, Solana, Ethereum, Binance Smart Chain, Avalanche, and Polygon.
Later on Thursday, developers confirmed on Twitter that hackers had exploited Wormhole for 120,000 wETH but did not provide further details as to how they were able to do so.
Etherscan data shows the hacker, or hackers, exploited the network via three different transactions around 2 p.m. EST on Wednesday.
“ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly. We are working to get the network back up quickly. Thanks for your patience,” Wormhole developers wrote.
“The vulnerability has been patched. We are working to get the network back up as soon as possible,” they later added.
Wormhole said on its Telegram channel on Thursday that “all funds are safe.”
Wormhole developers offered the hacker a $10 million bug bounty for exploit details and the return of the funds in an on-chain message.
“We noticed you were able to exploit the Solana VAA verification and mint tokens,” the message reads. “We’d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted.”
The Epoch Times has contacted Wormhole developers for comment.
Wormhole’s exploit comes after hackers stole $80 million from DeFi protocol Qubit Finance last week.
Lawmakers and regulators in the United States have scrutinized the DeFi industry and have proposed a number of regulatory models to address the various risks they may pose.
In the December edition of its quarterly review of the economy and finance, the Bank for International Settlements (BIS) also took aim at DeFi and warned that it could have a potentially destabilizing effect on markets.
“If DeFi were to become widespread, its vulnerabilities might undermine financial stability,” the review read.
Research by London-based firm Elliptic also showed that investors lost billions last year due to theft and fraud among criminals targeting DeFi products and services.
Elliptic found that more than $10 billion worth of user funds have been stolen in cases of fraud and theft on DeFi products, the ecosystem of cryptocurrencies, exchanges, and shadow banks that aim to recreate traditional financial services using blockchain technology.
According to the report, DeFi users and investors suffered more than $12 billion in losses due to theft and fraud in 2021, and those losses are only accelerating, with losses totaling $10.5 billion in 2021 to date, up from $1.5 billion in 2020.
Elliptic said the relatively new underlying technology used in DeFi was part of the reason why criminals are able to hack in and make off with users’ funds, while the deep pools of liquidity also allow criminals to launder proceeds of crime such as ransomware and fraud while leaving few traces.
Despite this, cryptocurrency continues to grow in popularity, with El Salvador becoming the first country to officially classify Bitcoin as a legal currency last year.