The hacker has not returned the stolen more than $300 million in ETH. So: where did the money with which the platform has replenished the funds come from?
Less than 24 hours after suffering a massive hack that resulted in losses of more than 300 million dollars, the well-known cross-chain protocol, wormhole, has reported the full restitution of the funds.
Blockchain bridge platform developers Ethereum Y Solarium updated the information on the incident this morning through his Twitter. The team of wormhole assured that the vulnerability that gave rise to the attack has already been fixed. In addition, the protocol is working normally and the stolen funds have been repaid.
All backgrounds have been restored and Wormhole is back. We are deeply grateful for your support and thank you for your patience.
All funds have been restored and Wormhole is back up.
We’re deeply grateful for your support and thank you for your patience.
— Wormhole???? (@wormholecrypto) February 3, 2022
The Twitter account did not provide details on how the funds have been returned, although it indicated that “is working on a detailed incident report and will share it as soon as possible”. Meanwhile, the fortune stolen from the protocol has not moved. As shown by data from etherscan, the mystery attacker’s address still holds close to $250 million mined through Wormhole.
It is unclear how the platform has reset the money, as the hacker has not returned the funds. The lack of information has led some users in the community to speculate about the reintegration of funds. Some reports suggest that Jump, a Chicago-based trading company that has shown interest in Solarium, has provided assistance to the protocol.
Two sources with knowledge of the process told the media The Block that Jump provided the funds to replenish the reserves of wormhole.
What happened to Wormhole?
The protocol cross chain was the victim of the largest hacking attack of 2022, and one of the largest historical heists in decentralized finance (DeFi). According to reports, wormhole lost 120,000 in wETH, a token wrapped of Ethereum (ETH) due to a failure in the validation of the accounts of the “guardians“. The vulnerability allowed the attacker to mint millions of dollars worth of wETH out of thin air.
“Wormhole failed to properly validate all input accounts, allowing the attacker to spoof keepers’ signatures and mint 120,000 ETH on Solana, of which 93,750 connected to EthereumSamczsun, a well-known white hat hacker, explained in a tweet on Wednesday.
The platform initially reported the incident on February 2, after hackers exploited the vulnerability. At the time, he said that the website would be down due to maintenance. He later shared a upgrade which confirmed previously reported loss figures. This Thursday, the developers published on the chronology of the incident:
18:26 UTC – the contract was mined for 120k ETH
00:33 UTC – the vulnerability was patched
13:08 UTC – ETH contract has been filled and all wETH is backed 1:1
13:29 UTC – the Portal (token bridge) is back up and running
An address associated with wormhole also sent a chain message offering the attacker a reward of USD$10 million for the details of the exploit and the return of the wETH minted in the attack.
It should be noted that wormhole It is a bridge protocol that allows assets to move across various protocols. blockchain. When a user sends assets from one chain to another, the bridge locks the assets and mints a wrapped version of the funds on the destination chain.
Article by Hannah Estefanía Pérez / DailyBitcoin
WARNING: This is an informative article. DiarioBitcoin is a means of communication, it does not promote, endorse or recommend any investment in particular. It is worth noting that investments in crypto assets are not regulated in some countries. May not be suitable for retail investors as the full amount invested could be lost. Check the laws of your country before investing.