Crypto Hackers Steal $320 Million in Second-Biggest DeFi Exploit Ever Wormhole, the target of Wednesday's attack, is a protocol that facilitates the transfer of tokens and NFTs between blockchains.
By Amanda Breen Edited by Jessica Thomas
A popular bridge linking the Ethereum and Solana blockchains lost more than $320 million on Wednesday afternoon in what appears to be decentralized finance's (DeFi's) second-largest hack of all time, CNBC reports.
DeFi itself is often praised for its security and accessibility: Programmable slices of code called smart contracts can serve as substitutes for banks and lawyers in specific kinds of business transactions. But potential issues arise when crypto investors move their assets between blockchains, which requires the use of a bridge that's susceptible to attack. Wormhole, the target of Wednesday's attack, is one such protocol that facilitates the transfer of tokens and NFTs between blockchains like Ethereum and Solana.
Although Ethereum is the most used blockchain network, Solana has been gaining popularity, winning points for its comparatively low cost and quick speed.
Related: 3 Things to Do Before You Buy Crypto
According to an analysis from cybersecurity firm CertiK, the Wormhole attacker has seized at least $251 million worth of Ethereum, almost $47 million in Solana and upwards of $4 million in USDC (a stablecoin pegged to the price of the U.S. dollar). CertiK's same initial analysis indicates that the attacker took advantage of a weak spot on the Solana side of the Wormhole bridge "to create 120,000 so-called 'wrapped' Ethereum tokens for themselves." Wrapped Ethereum tokens are pegged to the value of the original coin but work with other blockchains. In Wednesday's attack, those wrapped tokens were used to claim Ethereum on the other side of the bridge.
Wormhole confirmed the hack on its Twitter account and said the network was "down for maintenance" as it looked into the "potential exploit." In a series of follow-up tweets, Wormhole announced that the vulnerability had been patched and that all funds had been restored.
In August, cryptocurrency platform Poly Network was the target of the biggest attack on crypto yet; a hacker stole $600 million, and then, in an odd turn of events, returned almost all of the tokens.
Related: What's Holding DeFi Back (and How to Fix It)
Ethereum founder Vitalik Buterin has claimed that DeFi's future will be "multi-chain" but not "multi-bridge," as "there are fundamental limits to the security of bridges that hop across multiple 'zones of sovereignty.'"
