Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Over $300 Million in Cryptocurrency Stolen in Wormhole Hack

Blockchain bridge Wormhole has confirmed that roughly $320 million worth of cryptocurrency has been stolen following a hack discovered on Wednesday.

Blockchain bridge Wormhole has confirmed that roughly $320 million worth of cryptocurrency has been stolen following a hack discovered on Wednesday.

Wormhole is a bridge that connects various blockchains, including Ethereum, Solana, Terra, Binance Smart Chain, Polygon, Avalanche, and Oasis. One of its main features is a token bridge that allows users to bridge wrapped assets between these blockchains.

The service announced on Wednesday that the Wormhole network had been shut down “for maintenance” as it had started looking into a potential exploit.

The attacker apparently used an exploit that has since been patched to mint 120,000 wrapped Ethereum (wETH) on the Solana blockchain, much of which was then transferred to the Ethereum blockchain. The 120,000 wETH was worth roughly $320 million at the time of the attack.

Wormhole developers have apparently offered the attacker a $10 million bug bounty through a “whitehat agreement” if they return the stolen cryptocurrency.

Wormhole has promised to share a detailed incident report. In a few messages shared on Twitter on Thursday, the service said it had restored all funds and the network. The funds were restored with the help of Jump Crypto, the crypto division of Jump Trading Group.

This appears to be the second-largest cryptocurrency heist. The largest took place in August 2021, when Poly Network announced that someone had stolen roughly $600 million worth of cryptocurrency. However, in that case, nearly all of the stolen funds were returned days later.

*updated to add that the funds were contributed by Jump Crypto

Advertisement. Scroll to continue reading.

Related: The Curious Case of the $600 Million Crypto Heist

Related: North Korean Hackers Stole $400 Million Worth of Cryptocurrency in 2021

Related: Hackers Steal $150 Million Worth of Cryptocurrency From BitMart

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.