So what happened, and what did the Solana Wormhole hacker do with their ill-gotten gains after scoring over $320 Million in crypto?
At any moment, even a thoughtful smart contract deployed by a reputable organization may be just a single line of code away from hemorrhaging $320 million. With that kind of price tag, it’s no wonder that current demand for smart contract auditing and due diligence is higher than it’s ever been.
While there’s no denying the potential profit associated with DeFi’s revolutionary capabilities, the market seems keen to remind us, at times with alarming frequency, of just how quickly money can evaporate when even a single overlooked vulnerability is laid bare and exploited.
On February 02, 2022, AnChain.AI Blockchain Crypto-Incident Response Team analyzed the hack from the Wormhole token bridge.
By using AnChain.AI’s CISO™ Blockchain Auto-Tracing and graphical tracing, our team located the stolen funds.
The hacker moved a total of 93,750 ETH or $276.35 million (@ $2,947.72/ETH), in three separate transactions, to the wallet 0x629e7Da20197a5429d30da36E77d06CdF796b71A. The hacker exploited a vulnerability on the Solana side of the Wormhole Bridge to create Wrapped Ethereum tokens. They then used these tokens to claim ethereum that was held on the ethereum side of the bridge. As of now, the Wormhole Network Exploiter holds a balance of 93,750.62 ETH or $276.35 million (@ $2,947.72/ETH). AnChain.AI will continue to monitor the wallet for any suspicious activity.
Interestingly, within hours of the hack, the hacker purchased several crypto tokens, including a token called “Bored Ape Yacht Club Token (APE)”, which was deployed on the same day as the hack and appears to bear the same name as the popular NFT collection Bored Ape Yacht Club (BAYC). It has come to our attention that the token is currently unsellable, according to Token Sniffer. This reminds us of the recent SQUID Game crypto token rug pull that leveraged the popularity of the Korean Netflix show and FOMO (“fear of missing out”); the token was also unsellable and the developers made off with an estimated $3.38m. The parallel here is alarming.
As of today, the token has already skyrocketed a whopping 89,000% within two days of its deployment. The hacker swapped 0.733481869 ETH or $2162 for a total of 657.951 billion APE. With the token’s current price at $0.00000089/APE, the hacker’s tokens are currently worth $585,576.39.
The AnChain.AI team will continue to monitor the situation.
Smart contract due diligence has never been more critical, and while the AnChain.AI team is proud to say that no project we’ve audited has ever been hacked, developing trends clearly show that we must become even more vigilant.
If it seems like cryptocurrency scams are hitting faster and harder in recent years, it’s because that’s exactly the case: in 2021 alone DeFi hacks totalled well over $3 Billion. Illicit actors are exploiting seemingly secure smart contracts, and by the time reports like this are released, the damage is already done.
Perhaps that smart contract code you’ve been working on needs a double-check? To learn more, contact us at info@anchain.ai, and for the latest updates follow on Twitter @AnChainAI
