Wormhole, a cross-chain protocol that was hacked for $325 million on Wednesday, has supplemented its reserves.
Hackers stole $322 million from Solana (SOL) after exploiting a Wormhole vulnerability, but the interoperability protocol has informed its customers that the funds have been returned.
On February 2, the interoperability protocol informed its users about the exploit and maintenance plans that eventually brought the network offline.
The Wormhole team contacted the hacker via their Ethereum address, offering the hacker $10 million of the stolen assets in exchange for returning the remaining funds.
“This is the Wormhole Deployer: We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted. You can reach out to us at email@example.com”
There has been no new information about the Wormhole team’s offer to the hacker.
Wormhole lost 120,000 ether (ETH) in the fourth-biggest crypto theft of all time, and DeFi’s largest. According to blockchain analytics firm Elliptic, Wormhole’s failure to confirm “guardian” accounts allowed the attacker to create $325 million worth of ETH out of thin air.
The attack was carried out by exploiting a flaw in Solana VAA verification, a bridge function that checks asset transfers.
This is the second token bridge smart contract exploit in a week. On Binance Smart Chain, Qubit Finance’s QBridge was exploited for $80 million on Friday.
It’s also similar to the Poly Network theft, which saw $610 million in cryptocurrency taken from the site in August. In that case, the whitehat hacker refunded nearly all of the funds.
The high frequency of smart contract hacks on token bridges backs up Vitalik Buterin’s warning on January 7 that “fundamental security limits of bridges” exist.
Although the Ethereum founder’s warning came in the context of a 51 percent attack on Ethereum, his advice was relevant since it pointed out the general vulnerability that exists on bridges that transmit tokens across layer-1 blockchains.