Yet another thunderous crypto theft has descended from the heavens, predictably threatening to bankrupt everyone involved. The aptly named Wormhole, a DeFi cross-chain protocol, announced Wednesday that it had been the victim of a previously unknown exploit, the likes of which allowed a hacker to suck some $US325 (around A$455) million worth of crypto from the platform’s coffers.
In the world of decentralized finance, a cross-chain protocol (also called a “bridge”) is built to provide “interoperability” between separate DeFi blockchain networks and (supposedly) allow for the secure transferral of tokens from one chain to another.
That’s how it’s supposed to work, anyway. Clearly, that’s not what happened with Wormhole, which reported Wednesday that an exploit had allowed some random fiend to make off with 120,000 wETH (the equivalent, at the time of the theft, of approximately $US325 (around A$455) million). The technical alchemy necessary to pull this off isn’t really worth going into but, suffice it to say, it left a lot of unhappy campers sitting around, wondering what had just happened.
After the hack understandably caused mass hysteria on Twitter, the platform did its best to calm the waters, but concerns were understandably high: Wormhole occupies substantial space in DeFi, apparently representing a major causeway for the exchange of assets between the Solana ecosystem and other decentralized networks.
In a manoeuvre that is becoming more and more common, the platform offered its hacker a $US10 (A$14) million “bug bounty,” in a bid to “buy” back the stolen funds. A similar tactic was used last summer when DeFi platform Poly Network was hacked and lost over $US600 (A$841) million. For some reason, it actually worked in that case. Not so much here.
Just as things were looking pretty fucking dire for ol’ Wormhole, the platform surprised everybody on Thursday by claiming that things had somehow returned to normal. The company tweeted that its systems had been “patched” and that “all funds” that were looted in the incident have since “been restored.” Wow, if you say so, dude! This certainly sounded like good news, but it also wasn’t immediately clear what Wormhole was talking about. Did the hacker give the money back? Did somebody bail them out?
It soon became apparent that it was the latter. Jump Crypto, Wormhole’s parent company, announced Thursday that it had replenished the platform’s funds as a means of staving off what would have otherwise probably been a tumultuous, humiliating collapse.
.@JumpCryptoHQ believes in a multichain future and that @WormholeCrypto is essential infrastructure. That’s why we replaced 120k ETH to make community members whole and support Wormhole now as it continues to develop.
— jump_crypto (@jump_) February 3, 2022
So, uh, yeah, there you have it. Yet another fun misadventure in the world of decentralized finance. According to blockchain analysis firm Elliptic, this incident represents the fourth-largest crypto theft of all time (it’s right behind the notorious Mt. Gox catastrophe), and also adds a significant gob to the over $US2 (A$2.8) billion that has already been lost to DeFi-related hacks.
While DeFi is supposed to be a pivotal institution in the utopian, crypto-bro dream of a world governed by blockchain, more and more evidence seems to show that it’s really just a great way for you to lose a lot of money. We recently put together a run-down on some of the biggest crypto rip-offs of 2021, of which (surprise!) DeFi-related incidents played a hefty role.