Cryptocurrency platform Wormhole said on Thursday that “all funds are safe” after hackers stole more than $320 million from its site in the fourth-largest crypto heist on record.
Wormhole, which allows the transfer of information from one crypto network to another, said on Twitter on Wednesday that it was “exploited” for 120,000 units of a version of the second-largest cryptocurrency, ether. At the time of the announcement, the market value of the tokens totalled just over $320 million.
The theft was the latest to shake the fast-growing but mostly unregulated decentralised finance (DeFi) sites, which allow users to lend, borrow and save – usually in cryptocurrencies – while bypassing traditional gatekeepers of finance such as banks.
Wormhole said in a further tweet early on Thursday that “the vulnerability has been patched” and it was working to get the network back up. A message on Wormhole’s Telegram channel later said: “A fix has been deployed and all funds are safe,” without giving further details.
Wormhole did not respond to multiple Reuters requests for comment via social media. Like many DeFi sites, Wormhole gives few details of its location or structure.
London-based blockchain analysis firm Elliptic said that attackers were able to fraudulently create the wETH tokens, almost 94,000 of which were later transferred to the ethereum blockchain, which powers transactions for ether.
Elliptic added that Wormhole has offered the attacker a $10 million “bounty” to return the funds, citing messages embedded within ether transactions sent to the attacker’s digital address.
