Solana-based cross-chain protocol Wormhole has been attacked by hackers overnight. Some unknown attackers used an exploit and stole 120,000 WETH tokens (more than $319 million) from the project's backend.
The developers have said that they have fixed the vulnerability and sent "additional ETH" to the pool in order to provide liquidity support. During the investigation of the incident, the team has suspended the access to the service.
Subscribe to our Telegram channel to stay up to date on the latest crypto and blockchain news.
Wormhole smart contracts reportedly failed to perform full validation of input data, allowing transactions to be initiated with incorrect variables. Thanks to this vulnerability, the hackers were able to send WETH to their address.
The Wormhole team has contacted the attackers on the Ethereum network. The developers have offered them $10 million to return the stolen assets.
Security company Paradigm has also confirmed the vulnerability is related to the verification of input data by the cross-chain protocol. According to it, the exploit has allowed to completely bypass signature verification.