When they talk about decentralized finance, they don’t mean decentralized like that.
Over $300 million worth of wrapped ether (wETH) was stolen Wednesday thanks to what appears to be a massive exploit in the DeFi Wormhole protocol. In response, the team behind the protocol — which allows for interaction across different blockchains — temporarily pulled the entire thing down.
“The wormhole network is down for maintenance as we look into a potential exploit,” read a Wednesday afternoon announcement from the Wormhole team. “We will provide updates here as soon as we have them. Thank you for your patience.”
Shortly afterward, the team made clear just how much cryptocurrency was actually stolen.
“The wormhole network was exploited for 120k wETH,” wrote the team. “ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly. We are working to get the network back up quickly.”
At the time of this writing, 120,000 wETH was worth approximately $323,000,000.
In a plea encoded into the blockchain, the Wormhole team asked the culprit behind the theft to return the money and promised a $10 million bounty in return.
“We’d like to offer you a whitehat agreement,” read the message in part, “and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted. You can reach out to us at [email protected]”
Wormhole was able to patch the vulnerability later in the day, and confirmed it was working to get its network back online.
Meanwhile, those paying attention called out exactly how big of a deal this all is. That’s because, in addition to the obvious issues involved with a theft of this size, what was stolen wasn’t just regular ethereum. It was wrapped ethereum. At its most basic level, wETH is a token pegged to the value of ether, and wrapped ether is fundamental to the function of many decentralized applications (known as DApps).
Notably, while begging a thief to return stolen funds may seem like a sign of desperation, that doesn’t mean it won’t work. It was just last August that another DeFi hacker returned a chunk of approximately $600 million in stolen cryptocurrency — minus a cut, of course.
The Wormhole developers just have to hope that their $10 million offer is enough to bring about that kind of luck.