Hackers have stolen cryptocurrency worth more than US$320-million (R4.9-billion) from a decentralised finance platform, the fourth-largest crypto heist on record and the latest to shake the fast-growing DeFi sector.
Wormhole, a site that allows the transfer of information from one crypto network to another, said on Twitter on Wednesday that it was “exploited” for 120 000 units of a version of the second largest cryptocurrency, ether.
Wormhole did not immediately respond to a request for comment.
London-based blockchain analysis firm Elliptic said that attackers were able to fraudulently create the wETH tokens, almost 94 000 of which were later transferred to the ethereum blockchain, which powers transactions for ether.
Wormhole said in another tweet early on Thursday that it had fixed the vulnerability in its system but was still working to get the network back up.
So-called DeFi platforms allow users to lend, borrow and save — usually in cryptocurrencies — while bypassing traditional gatekeepers of finance such as banks.
Cash has poured into DeFi sites, mirroring the explosion of interest in cryptocurrencies as a whole. Many investors, facing historically low or sub-zero interest rates, are drawn to DeFi by the promise of high returns on savings.
Yet with their breakneck growth, DeFi platforms have emerged as a major hacking risk, with bugs in code and design flaws allowing criminals to target DeFi sites and deep pools of liquidity, and also to launder the proceeds of crime, while leaving few traces.
Risks
Fraud and theft at DeFi platforms surpassed $10-billion last year, research showed on Thursday, laying bare the risks in the fast-growing but mostly unregulated area of cryptocurrencies.
In August, hackers behind likely the biggest ever digital coin heist returned nearly all of the $610-million-plus they stole from the DeFi site Poly Network.
Hacks have long plagued crypto platforms. In 2018, digital tokens worth some $530-million were stolen from Tokyo-based platform Coincheck. Mt Gox, another Japanese exchange, collapsed in 2014 after hackers stole half a billion dollars of crypto. — Tom Wilson and Pushkala Aripaka, (c) 2022 Reuters
- Update: Wormhole tweeted on Thursday that “all funds have been restored” and its site is functioning again. The platform did not give further details or respond to requests for comment.