Decentralised finance bridging portal Wormhole said it has lost 120,000 "wrapped" Ethereum tokens due to a vulnerability its conversion system being exploited by an unknown attacker.
At the current exchange rate, around US$322 million (A$452 million) was taken in the attack, although that figure could decrease as price fluctuations hit Ethereum, one of the most-used cryptocurrencies.
Wormhole has acknowledged the attack, which appears to have been executed by getting the DeFi portal to mint more Ethereum coins than the input provided in the cryptocurrency bridging process.
"Wrapped" Ethereum allows users to transfer different cryptocurrencies between blockchain distributed databases, through means of trusted third-parties or smart contracts.
A bug bounty of US$10 miilion is now being offered by Wormhole, on condition that the attacker returns the "wrapped" Ethereum coins.
Cryptocurrency anti-money laundering company Elliptic estimates that the Wormhole theft is the second largest to hit the DeFi sector, and the fourth largest virtual money heist so far.
The largest DeFi theft took place in August last year, when over $600 million in cryptocurrency was taken from PolyNetwork.
While it's not known who was behind the PolyNetwork theft, the attackers are said to have returned half of the stolen cryptocurrency, asking for a reward to hand over the rest.
Elliptic believes the DeFi sector has suffered up to US$2 billion in losses so far.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
