Yesterday, beginning at 18:24 UTC, someone or something exploited a security vulnerability on Wormhole, a tool that allows users to swap assets between Ethereum and a number of blockchains, resulting in the loss of 120,000 wrapped ether (or wETH, worth about $321 million) on the platform.
This is the second largest decentralized finance (DeFi) attack to date, according to rekt’s leaderboard, in an industry where security exploits are fairly common and part of users’ risk curve. There’s a whole business made out of code reviews, a lexicon of industry-specific jargon to explain what’s going on and something of a playbook to follow if and when “hacks” inevitably occur.
Wormhole, apart from catching and patching this bug earlier, has seemingly tried to do the right thing: They shut down the platform to prevent further losses, notified the public of what they know and announced Jump Trading is on the line to replenish the stolen coins.