[BreachExchange] Over $300 Million in Cryptocurrency Stolen in Wormhole Hack

[Terrell Byrd]

https://www.securityweek.com/over-300-million-cryptocurrency-stolen-wormhole-hack

Blockchain bridge Wormhole has confirmed that roughly $320 million worth of
cryptocurrency has been stolen following a hack discovered on Wednesday.

Wormhole is a bridge that connects various blockchains, including Ethereum,
Solana, Terra, Binance Smart Chain, Polygon, Avalanche, and Oasis. One of
its main features is a token bridge that allows users to bridge wrapped
assets between these blockchains.

The service announced on Wednesday that the Wormhole network had been shut
down “for maintenance” as it had started looking into a potential exploit.

The attacker apparently used an exploit that has since been patched to mint
120,000 wrapped Ethereum (wETH) on the Solana blockchain, much of which was
then transferred to the Ethereum blockchain. The 120,000 wETH was worth
roughly $320 million at the time of the attack.

Wormhole developers have apparently offered the attacker a $10 million bug
bounty through a “whitehat agreement” if they return the stolen
cryptocurrency.

Wormhole has promised to share a detailed incident report. In a few
messages shared on Twitter on Thursday, the service said it had restored
all funds — likely from its own coffers — and the network.

This appears to be the second-largest cryptocurrency heist. The largest
took place in August 2021, when Poly Network announced that someone had
stolen roughly $600 million worth of cryptocurrency. However, in that case,
nearly all of the stolen funds were returned days later.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220203/65dc39b5/attachment.html>