Last night, cross-chain protocol based on Solana Wormhole was hacked. The attackers took advantage of an exploit and stole 120,000 WETH tokens from the project pool (about $319 million).
The developers of the project have reported they fixed the vulnerability and sent “additional ETH” to the pool to provide liquidity support. During the investigation of the incident, the team closed access to the service.
CertiK has explained Wormhole smart contracts did not perform full validation of the input data, which allowed transactions to be initiated with incorrect variables. Thanks to this vulnerability, hackers were able to issue WETH to their address.
Paradigm security analyst samczsun has noted the project team contacted the address of the attackers on the Ethereum network. The developers have offered a $10 million reward if they return the assess.