UPDATE: (10:30 am ET): Two sources with knowledge of the process tell The Block that Jump provided the funding to replenish Wormhole’s reserves.
This is a developing story and will be updated with more information.
Wormhole, a cross-chain protocol that suffered a $325 million exploit on Wednesday, has replenished its reserves.
“ETH contract has been filled and all wETH are backed 1:1,” Wormhole tweeted Thursday. “The Portal (token bridge) is back up.” Wormhole said it is working on a detailed incident report and will share it soon.
Wormhole lost 120,000 ether (ETH) in crypto’s fourth-largest and DeFi’s largest heist of all time. Wormhole’s failure to validate “guardian” accounts allowed the attacker to mint around $325 million worth of ETH out of thin air, according to blockchain analytics firm Elliptic.
“Wormhole didn’t properly validate all input accounts, which allowed the attacker to spoof guardian signatures and mint 120,000 ETH on Solana, of which they bridged 93,750 back to Ethereum,” Samczsun, a noted white-hat hacker, explained in a tweet.
It is unclear at present how Wormhole restocked its ETH contract since the attacker hasn’t returned funds to the protocol. Wormhole offered the attacker a $10 million bounty to return the funds.
Some have speculated that Wormhole, developed by Certus One, may have received assistance from Jump, a trading firm that last August acquired the blockchain infrastructure firm for an undisclosed amount. Wormhole was also mentioned in Jump’s announcement of Jump Crypto, a dedicated crypto-focused team, describing the latter as “founding code contributors” to Wormhole.
The Block reached out to Jump for comment and will update this report should we hear back.
© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.