Cryptocurrency platform Wormhole restores funds after suffering $320 million hack
Millions of dollars in cryptocurrency stolen late Wednesday from accounts on crypto platform Wormhole have been returned to users, the firm's leaders said.
Wormhole is a decentralized finance, or DeFi, platform that allows users to swap solana directly for other cryptocurrencies on decentralized apps, or dApps, across the ethereum crypto network, a service known as a "blockchain bridge."
Wormhole first tweeted about the hack of its bridge platform late Wednesday night, saying that the company's system was down temporarily so that its maintenance team could "look into a potential exploit." In a subsequent tweet, the company announced hackers had taken 120,000 wrapped ethereum tokens, or wETH, valued at roughly $320 million.
Wrapped ethereum is essentially the tradable version of ethereum currency. Wormhole added in its tweet that any wETH stolen in the hack would be replaced with plain (non-wrapped) ethereum tokens.
On Thursday, Wormhole tweeted that "all funds have been restored" and that its system has been returned to normal. Wormhole has not explained if or how it was able to retrieve the stolen funds or how the hack happened in the first place.
The firm did not respond to a request for comment by CBS MoneyWatch.
The Wormhole team contacted the hacker and offered $10 million in exchange for details on how the person executed the hack and for the return of the remaining stolen assets, according to London-based blockchain analysis firm Elliptic.
Elliptic said the Wormhole incident centered on hackers essentially creating a fake account on the platform, then using it to create their own ethereum tokens. On DeFi platforms like Wormhole, users are asked to first create a guardian account, which is considered a more secure digital wallet of cryptocurrency that utilizes a two-step authorization process.
"The exploit resulted from Wormhole's failure to validate guardian accounts — allowing the attacker to mint 120,000 ETH out of thin air," Elliptic said in a blog post. "This adds to the more than $2 billion in direct losses suffered by DeFi services due to hacks and exploits."
The Wormhole incident marks the second-largest DeFi hack ever, and the largest so far in 2022. Last August, hackers stole an estimated $611 million from cryptocurrency exchange Poly Network. Those responsible for that hack eventually returned all the money.
Last month, DeFi platform Qubit Finance had $80 million worth of binance coin stolen in a hack. Qubit has asked the hacker to return the funds, so far to no avail.
Crypto.com also reported a hack of $30 million last month. Hackers managed to bypass its two-factor authentication system and withdraw funds from 483 customer accounts, according to a statement the Singapore-based crypto exchange posted on its corporate blog.
What happened to Wormhole is an example of why many financial experts advise their clients not to invest large sums of money into cryptocurrency. Wormhole, Qubit and Crypto.com all are tales of buyer beware, said Ryan Firth, a financial planner in Texas with Mercer Street Financial.
"It just shows that the whole decentralized finance (DeFi) space is still in its infancy and that there could be flaws in the code that lead to the loss of invested assets," Firth told CBS MoneyWatch. "Moral of the story: don't invest more than you're willing to lose in crypto."
Although they are growing in popularity, digital currencies like bitcoin, ethereum and solana have been left largely unregulated in America. Last year, U.S. Securities and Exchange Commission Chair Gary Gensler said cryptocurrency is "rife with fraud, scams and abuse" and is "more like the Wild West." Gensler said cryptocurrencies are unregistered securities that don't come with market oversight or proper disclosures to educate investors. That leaves prices open to manipulation and investors unprotected, he said.
Although the SEC has brought and won dozens of cases against fraudsters, Gensler said the agency needs more authority from Congress to regulate the crypto markets.