Wormhole, a protocol which lets users bridge assets between Solana and other blockchains, has been exploited to the tune of over $320M.
News of the exploit was first shared on Twitter by samczsun, a research partner at crypto investment firm Paradigm.
That would make it DeFi’s second largest exploit ever, according to rekt’s leaderboard, which ranks crypto exploits by the total value of assets lost.
Wormhole has confirmed the exploit on their Twitter account.
According to Twitter user Robot Dad, the attacker minted 120K ETH on Solana through a bug in Wormhole.
Kelvin Fitcher, a software engineer at Optimism, the Layer 2 scaling solution, confirmed the number, pointing to a minting transaction on Solana.
According to Robot Dad, the attacker then traded 80K fake ETH for legitimate ETH on the Ethereum blockchain using the Wormhole bridge, while trading the other 40K of illegitimate ETH for other assets on Solana.
Solscan, which tracks tokens on Solana, shows that ETH wrapped by Wormhole comprises roughly 19% of the total ETH on the blockchain.
There will likely be effects downstream of the exploit as Wormhole wrapped ETH is essentially valueless.
“Domino effect of now uncollateralized loans against wormhole ETH severely undermentioned,” tweeted Georgios Konstantopoulos, CTO and also a research partner at Paradigm.
The dangers of using bridged assets have been well documented. Ethereum co-founder Vitalik Buterin, warned of the dangers of cross-chain bridges last month on Reddit, writing that “it’s always safer to hold Ethereum-native assets on Ethereum or Solana-native assets on Solana than it is to hold Ethereum-native assets on Solana or Solana-native assets on Ethereum.”