{"id":402979,"date":"2022-02-03T04:18:26","date_gmt":"2022-02-03T01:18:26","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/wormhole-token-bridge-loses-321m-in-largest-hack-so-far-in-2022\/"},"modified":"2022-02-03T04:18:26","modified_gmt":"2022-02-03T01:18:26","slug":"wormhole-token-bridge-loses-321m-in-largest-hack-so-far-in-2022","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/wormhole-token-bridge-loses-321m-in-largest-hack-so-far-in-2022\/","title":{"rendered":"# Wormhole token bridge loses $321M in largest hack so far in 2022"},"content":{"rendered":"<p>&#8220;<strong># Wormhole token bridge loses $321M in largest hack so far in 2022  <\/strong>&#8221;<\/p>\n<div class=\"post-content\" data-v-128018ef>The Wormhole token bridge experienced a security exploit today, resulting in the loss of 120,000 wETH tokens ($321 million) from the platform.<\/p>\n<p>Wormhole is a token bridge that allows users to send and receive crypto between Ethereum, Solana, BSC, Polygon, Avalanche, Oasis, and Terra without the use of a centralized exchange (CEX). This is the largest crypto hack of 2022 so far and the second largest DeFi hack to date. The Wormhole team has offered a $10M bug bounty for the return of the funds. <\/p>\n<p>The hack took place on the Solana side of the bridge and there are fears Wormhole\u2019s bridge to Terra could be similarly vulnerable.<\/p>\n<p>The Wormhole team has assured the community that its ETH supply would be replenished to \u201censure wETH is backed 1:1,\u201d but there is no word yet on where those funds will come from or when.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The wormhole network was exploited for 120k wETH. <\/p>\n<p>ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly.<\/p>\n<p>We are working to get the network back up quickly. Thanks for your patience.<\/p>\n<p>\u2014 Wormhole (@wormholecrypto) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/wormholecrypto\/status\/1489001949881978883?ref_src=twsrc%5Etfw\">February 2, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\nThe <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/solscan.io\/tx\/2zCz2GgSoSS68eNJENWrYB48dMM1zmH8SZkgYneVDv2G4gRsVfwu5rNXtK5BKFxn7fSqX9BvrBc1rdPAeBEcD6Es\">hack<\/a> took place at 6:24pm UTC on Feb. 2. The attacker minted 120,000 wETH (WETH) on Solana, then <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/tx\/0x24c7d855a0a931561e412d809e2596c3fd861cc7385566fd1cb528f9e93e5f14\">redeemed<\/a> 93,750 WETH for ETH worth $254 million onto the Ethereum network at 6:28pm UTC. The hacker has since used some funds to buy SportX (SX), Meta Capital (MCAP), Finally Usable Crypto Karma (FUCK), and Bored Ape Yacht Club Token (APE).<\/p>\n<p>The <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/solscan.io\/account\/CxegPrfn2ge5dNiQberUrQJkHCcimeR4VXkeawcFBBka#splTransfers\">remaining<\/a> WETH was sw<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ed for SOL and USDC on Solana. The hacker\u2019s Solana wallet currently holds 432,662 SOL ($44 million). <\/p>\n<p>No other assets or chains served by Wormhole have been reported affected, but smart contract auditing firm Certik said in a report today that \u201cIt is possible that Wormhole\u2019s bridge to the Terra blockchain shares the same vulnerability as their Solana bridge.\u201d<\/p>\n<p>The Wormhole team contacted the hacker through their Ethereum address to offered to let the hacker keep $10 million worth of funds stolen if the remaining funds are returned.<\/p>\n<p>\u201cThis is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. We\u2019d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you\u2019ve minted. You can reach out to us at contact@certus.one\u201d<\/p>\n<p>As of the time of writing, wETH tokens sent across the bridge are not yet redeemable while the Wormhole team attempts to fix the exploit.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2022-02\/50720678-298a-4878-ac3e-28aae430a576.PNG\"><\/figure>\n<p>This is the second smart contract exploit on a token bridge in a week. On Jan. 28, Qubit Finance\u2019s QBridge was exploited for $80 million on BSC. It is also reminiscent of the Poly Network hack last August wherein $610 million in crypto was stolen off the platform. In that case, nearly all of the funds were returned by the whitehat hacker.<\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>$2.5B in stolen BTC from Bitfinex hack awakens<\/em><\/strong><\/p>\n<p>The frequency of smart contract hacks on token bridges serves to validate Vitalik Buterin\u2019s Jan. 7 <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/old.reddit.com\/r\/ethereum\/comments\/rwojtk\/ama_we_are_the_efs_research_team_pt_7_07_january\/hrngyk8\/\">warning<\/a> that there are \u201cfundamental security limits of bridges.\u201d The Ethereum co-founder\u2019s admonition was within the context of a 51% attack on Ethereum, but his advice was well-timed as he pointed out the <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/general\/\" data-internallinksmanager029f6b8e52c=\"3\" title=\"General\" target=\"_blank\" rel=\"noopener\">general<\/a> vulnerability apparent on bridges that send tokens across layer-1 blockchains. <\/p>\n<p><template data-name=\"subscription_form\" data-type=\"defi_newsletter\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/wormhole-token-bridge-loses-321m-in-largest-hack-so-far-in-2022\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# Wormhole token bridge loses $321M in largest hack so far in 2022 &#8221; The Wormhole token bridge experienced a security exploit today, resulting in the loss of 120,000 wETH tokens ($321 million) from the platform. Wormhole is a token bridge that allows users to send and receive crypto between Ethereum, Solana, BSC, Polygon, Avalanche,&#8230;<\/p>\n","protected":false},"author":1,"featured_media":402980,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDIvMGY4ODU5NTctMDBkOS00ODRjLTgzNGUtZTIzZTBmMWY2MmQ0LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74868,74891,74892,70944],"class_list":["post-402979","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-defi","tag-ethereum","tag-tokens","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/402979","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=402979"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/402979\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/402980"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=402979"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=402979"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=402979"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}