Wormhole funds 'safe' after $A449m hack

Tom Wilson and Pushkala AripakaReuters
Hackers have stolen more than $A449 million worth of cryptocurrency after targeting Wormhole.
Camera IconHackers have stolen more than $A449 million worth of cryptocurrency after targeting Wormhole. Credit: AP

Cryptocurrency platform Wormhole says "all funds are safe" after hackers stole more than $US320 million ($A449 million) from its site in the fourth-largest crypto heist on record.

Wormhole, which allows the transfer of information from one crypto network to another, said on Twitter on Wednesday it was "exploited" for 120,000 units of a version of the second-largest cryptocurrency, ether.

At the time of the announcement, the market value of the tokens totalled just over $US320 million ($A449 million).

The theft was the latest to shake the fast-growing but mostly unregulated decentralised finance (DeFi) sites, which allow users to lend, borrow and save - usually in cryptocurrencies - while bypassing traditional gatekeepers of finance such as banks.

Wormhole said in a further tweet early on Thursday that "the vulnerability has been patched" and it was working to get the network back up.

A message on Wormhole's Telegram channel later said, "a fix has been deployed and all funds are safe",without giving further details.

Wormhole did not respond to multiple requests for comment via social media. Like many DeFi sites, Wormhole gives few details of its location or structure.

London-based blockchain analysis firm Elliptic said attackers were able to fraudulently create the wETH tokens , almost 94,000 of which were later transferred to the ethereum blockchain, which powers transactions for ether.

Elliptic added that Wormhole has offered the attacker a $US10 million ($A14 million) "bounty" to return the funds, citing messages embedded within ether transactions sent to the attacker's digital address.

Cash has poured into DeFi sites, mirroring the explosion of interest in cryptocurrencies as a whole.

Many investors, facing historically low or sub-zero interest rates, are drawn to DeFi by the promise of high returns on savings.

Yet with their breakneck growth, DeFi platforms have emerged as a major hacking risk, with bugs in code and design flaws allowing criminals to target DeFi sites and deep pools of liquidity, and also to launder the proceeds of crime, while leaving few traces.

Fraud and theft at DeFi platforms surpassed $US10 billion ($A14 billion) last year, research by Elliptic shows, laying bare the risks in the fast-growing but mostly unregulated area of cryptocurrencies.

Get the latest news from thewest.com.au in your inbox.

Sign up for our emails