The Wormhole portal allows for easy transfer of cryptocurrencies between the solana-ethereum blockchains. Around 120,000 WETH tokens have been stolen.
According to a CNBC report, it was the second-largest “decentralised finance” heist after last year’s $600-million Poly Network theft. It was also described as the biggest attack on solana which is growing in popularity in NFT/DeFI spaces.
Wormhole works in close collaboration with other chains such as Avalanche and Binance Smart Chain. It allows users to “wrap” assets from one platform or chain and use them on the next.
Users can enjoy lower fees on different platforms by doing this. Wormhole was launched in August 2021 and has approximately $1 billion in deposited funds.
Wrapped assets are cryptos that have been enclosed or wrapped in a digital vault. These assets are valued according to other cryptos or assets such as stocks, gold, and more.
A new token is required to transact on DeFi platforms using these wrapped assets. The crypto exploited, ie wrappedether tracks ethereum which is the second-largest cryptocurrency in terms of market capitalisation.
Users must first lock ethereum in a smart contract, then receive an equivalent amount of wrapped ethereum to get it into solana. They can then trade WETH for tokens based on solana.
Hackers were able bypass the process of minting WETH tokens, without locking up ethereum.
Developers from Wormhole notified users about the hacking by February 2. They said that the network was down for maintenance due to a possible network breach.
In exchange for the stolen funds, hackers were offered a $10 million bounty via a message to the ethereum Blockchain.
“We noticed that you were able to exploit the Solana VAA (validator action approval)verification and mint tokens. “We would like to offer a whitehat agreement and return the WETH that you have minted and provide details for exploits.