Hackers Stole 120,000 WETH From the Wormhole’s Pool
On the night of February 3, hackers attacked the Solana-based Wormhole cross-chain protocol and withdrew 120,000 WETH from the project’s pool (more than $319 million at the time of writing).
The developers reported that they closed the vulnerability, and an additional amount of ETH was sent to provide the necessary liquidity. Until the end of the investigation, access to the service is closed.
CertiK explained that hackers exploited a vulnerability in Wormhole smart contracts that did not fully validate input data.
Paradigm security analyst samczsun said the project team contacted the hackers’ address on the Ethereum network and offered a $10 million reward for the return of stolen assets.
He also added that the vulnerability is related to the verification of input data by the cross-chain bridge protocol, which made it possible to completely bypass signature verification.