Cryptocurrency firm Wormhole said Thursday that “all funds have been restored” after more than US$320 million was stolen from its site in the fourth-largest bitcoin theft on record.
Wormhole is a token bridge that allows users to send and receive cryptocurrencies between Ethereum, Solana, BSC, Polygon, Avalanche, Oasis and Terra without the use of a centralised exchange. The company said on Wednesday it had been exploited for 120,000 digital tokens connected to the second-largest cryptocurrency, Ether. And at the time of the theft announcement, the market value of the tokens was just over US$320 million.
The hack took place on the Solana side of the bridge and it is feared that the Wormhole to Terra bridge could be equally vulnerable. Moreover, the theft was the latest to hit the fast-growing but largely unregulated DeFi sector. The platforms allow users to lend, borrow and save, usually in cryptocurrency, without going through traditional gatekeepers of finance, such as banks.
A few hours after the attack, Wormhole posted on their Twitter account: “All funds have been restored and Wormhole is back up. We’re deeply grateful for your support and thank you for your patience.”
Wormhole did not provide further information on how it recovered the funds, but one of the Twitter account administrators tweeted: “The wormhole network was exploited for 120k wETH. ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly. We are working to get the network back up quickly. Thanks for your patience.”
London-based blockchain analytics firm Elliptic said the attackers were able to fraudulently create wETH tokens: nearly 94,000 of which were later transferred to the Ethereum blockchain, which powers ether transactions.
Since then, the hacker has used some funds to buy SportX (SX), Meta Capital (MCAP), Finally Usable Crypto Karma (FUCK) and Bored Ape Yacht Club Token (APE). And the remaining WETH was exchanged for SOL and USDC on Solana. Currently, the hacker’s wallet holds 432,662 SOL (US$44 million).
The incident report is available here.