Attacker plunders DeFi platform Wormhole

By on
Attacker plunders DeFi platform Wormhole

Exploited vulnerability leads to A$452 million theft.

Decentralised finance bridging portal Wormhole said it has lost 120,000 "wrapped" Ethereum tokens due to a vulnerability its conversion system being exploited by an unknown attacker.

At the current exchange rate, around US$322 million (A$452 million) was taken in the attack, although that figure could decrease as price fluctuations hit Ethereum, one of the most-used cryptocurrencies.

Wormhole has acknowledged the attack, which appears to have been executed by getting the DeFi portal to mint more Ethereum coins than the input provided in the cryptocurrency bridging process.

"Wrapped" Ethereum allows users to transfer different cryptocurrencies between blockchain distributed databases, through means of trusted third-parties or smart contracts.

A bug bounty of US$10 miilion is now being offered by Wormhole, on condition that the attacker returns the "wrapped" Ethereum coins.

Cryptocurrency anti-money laundering company Elliptic estimates that the Wormhole theft is the second largest to hit the DeFi sector, and the fourth largest virtual money heist so far.

The largest DeFi theft took place in August last year, when over $600 million in cryptocurrency was taken from PolyNetwork.

While it's not known who was behind the PolyNetwork theft, the attackers are said to have returned half of the stolen cryptocurrency, asking for a reward to hand over the rest.

Elliptic believes the DeFi sector has suffered up to US$2 billion in losses so far.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?