- More than $320 million of tokens stolen
- Hack is fourth-biggest ever crypto theft
- Wormhole says on Telegram channel “all funds are safe”
- DeFi sites increasingly targeted by criminals
Cryptocurrency platform Wormhole said on Thursday that “all funds are safe” after hackers stole more than $320 million from its site in the fourth-largest crypto heist on record.
Wormhole, which allows the transfer of information from one crypto network to another, said on Twitter on Wednesday that it was “exploited” for 120,000 units of a version of the second-largest cryptocurrency, ether. At the time of the announcement, the market value of the tokens totalled just over $320 million.
The theft was the latest to shake the fast-growing but mostly unregulated decentralised finance (DeFi) sites, which allow users to lend, borrow and save – usually in cryptocurrencies – while bypassing traditional gatekeepers of finance such as banks.
Wormhole said in a further tweet early on Thursday that “the vulnerability has been patched” and it was working to get the network back up. A message on Wormhole’s Telegram channel later said: “A fix has been deployed and all funds are safe,” without giving further details.
Wormhole did not respond to multiple Reuters requests for comment via social media. Like many DeFi sites, Wormhole gives few details of its location or structure.
London-based blockchain analysis firm Elliptic said that attackers were able to fraudulently create the wETH tokens, almost 94,000 of which were later transferred to the ethereum blockchain, which powers transactions for ether.
Elliptic added that Wormhole has offered the attacker a $10 million “bounty” to return the funds, citing messages embedded within ether transactions sent to the attacker’s digital address.
MAJOR HACKING RISK
Cash has poured into DeFi sites, mirroring the explosion of interest in cryptocurrencies as a whole. Many investors, facing historically low or sub-zero interest rates, are drawn to DeFi by the promise of high returns on savings.
Yet with their breakneck growth, DeFi platforms have emerged as a major hacking risk, with bugs in code and design flaws allowing criminals to target DeFi sites and deep pools of liquidity, and also to launder the proceeds of crime while leaving few traces.
Fraud and theft at DeFi platforms surpassed $10 billion last year, research by Elliptic shows, laying bare the risks in the fast-growing but mostly unregulated area of cryptocurrencies.
Hacks have long plagued crypto platforms. In 2018, digital tokens worth some $530 million were stolen from Tokyo-based platform Coincheck. Mt. Gox, another Japanese exchange, collapsed in 2014 after hackers stole half a billion dollars of crypto.