Hackers stole more than $320 million in cryptocurrency from DeFi platform Wormhole

The vulnerability has been fixed and funds "restored" to accounts, the company said.
(Photo by NHAC NGUYEN/AFP via Getty Images)

A hacker stole $320 million worth of Ethereum cryptocurrency from decentralized finance platform Wormhole on Wednesday. The attack is the largest against the cryptocurrency industry so far in 2022 and one of the top hacks of the industry to date.

As of Thursday morning, all of the stolen funds were “restored,” the trading platform was back up, and an incident report was coming soon, according to tweets by the company. The vulnerability used by the attacker had been fixed, Wormhole said late Wednesday.

The platform allows users to send Ethereum and Solana cryptocurrencies across two different blockchains. A preliminary analysis of the attack by blockchain security firm CertiK shared with CyberScoop found that the hacker was able to exploit a vulnerability that allowed it to create a fake Solana transfer that it used to claim real Ethereum.

“We seem to be at an awkward point where the demand for cross-chain infrastructure is far outpacing the industry’s ability to build services securely.” Connie Lam, head of CertiK incident response team, wrote in an email to CyberScoop. Lam says that bridges are an attractive target because they operate across multiple chains and offer multiple points of failure. “Hackers follow the money, and a lot of money goes to the newest, most exciting ecosystems.”


The Wormhole hack is just the latest in a string of breaches plaguing the industry. Last week, hackers stole $80 million from DeFi exchange Qubit Finance after exploiting a bridge. In late January, centralized exchange reported that attackers accessed $30 million worth of cryptocurrency.

“DeFi,” or decentralized finance, is a form of peer-to-peer sharing that eliminates any middlemen from the process. However, the decentralized nature of the platforms has also left them more susceptible to attacks. Many protocols used in DeFi are open source, which means criminals have plenty of opportunities to hunt for bugs to exploit.

In 2021, hackers stole $1.3 billion in cryptocurrency across 44 DeFi incidents, according to a report by CertiK. A separate analysis by Chainalysis estimated that of the roughly $3.2 billion in cryptocurrency stolen in 2021, nearly three-quarters of the losses were from DeFi protocols.

Wormhole on Wednesday offered the hacker a bounty for sharing details about the exploit used to breach the bridge and return the money, a strategy that other hacked cryptocurrency platforms have employed in the past.

“We noticed you were able to exploit the Solana VAA verification and mint tokens,” the company wrote to the hacker. “We’d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted.”


The company did not respond to requests for comment, so it’s unclear if it has man contact with the hacker.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts