Wormhole replenishes its blockchain bridge after $325 million exploit

Quick Take

  • The Wormhole bridge is back up after a big exploit yesterday.
  • Wormhole has refilled its ETH contract that lost nearly $325 million.
  • Jump Crypto, which incubated Wormhole, later confirmed that it provided the 120,000 ETH.

UPDATE: (10:30 am ET): Two sources with knowledge of the process tell The Block that Jump provided the funding to replenish Wormhole's reserves.

"@JumpCryptoHQ believes in a multichain future and that @WormholeCrypto is essential infrastructure. That’s why we replaced 120k ETH to make community members whole and support Wormhole now as it continues to develop," Jump Crypto later wrote in a tweet."

This is a developing story and will be updated with more information.


Original report: 

Wormhole, a cross-chain protocol that suffered a $325 million exploit on Wednesday, has replenished its reserves. 

"ETH contract has been filled and all wETH are backed 1:1," Wormhole tweeted Thursday. "The Portal (token bridge) is back up." Wormhole said it is working on a detailed incident report and will share it soon.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Wormhole lost 120,000 ether (ETH) in crypto's fourth-largest and DeFi's largest heist of all time. Wormhole's failure to validate "guardian" accounts allowed the attacker to mint around $325 million worth of ETH out of thin air, according to blockchain analytics firm Elliptic.

"Wormhole didn't properly validate all input accounts, which allowed the attacker to spoof guardian signatures and mint 120,000 ETH on Solana, of which they bridged 93,750 back to Ethereum," Samczsun, a noted white-hat hacker, explained in a tweet. 

It is unclear at present how Wormhole restocked its ETH contract since the attacker hasn't returned funds to the protocol. Wormhole offered the attacker a $10 million bounty to return the funds.

Some have speculated that Wormhole, developed by Certus One, may have received assistance from Jump, a trading firm that last August acquired the blockchain infrastructure firm for an undisclosed amount. Wormhole was also mentioned in Jump's announcement of Jump Crypto, a dedicated crypto-focused team, describing the latter as "founding code contributors" to Wormhole.

The Block reached out to Jump for comment and will update this report should we hear back.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Yogita Khatri is a senior reporter at The Block, covering all things crypto. As one of the earliest team members, Yogita has played a pivotal role in breaking numerous stories, exclusives and scoops. With nearly 3,000 articles under her belt, Yogita holds the records as The Block's most-published and most-read author of all time. Prior to joining The Block, Yogita worked at crypto publication CoinDesk and The Economic Times, where she wrote on personal finance. To contact her, email: [email protected]. For her latest work, follow her on X @Yogita_Khatri5.