The perpetrator of the $326 million Wormhole exploit has become eligible to claim over $50,000 in W tokens due to an oversight by Wormhole that failed to exclude wallets linked to the hack. This eligibility stems from transactions made during the exploit in February 2022, after which Wormhole airdropped its tokens to early adopters of its cross-chain messaging infrastructure. The incident remains one of the largest crypto security breaches, with 120,000 Wormhole Ether (whETH) being minted in the exploit.
Wormhole Exploitation: Hacker Eligible to Claim over $50,000 in Rewards
April 4, 2023 - The perpetrator behind the notorious $326 million exploit on the Wormhole cross-chain bridge has unexpectedly become eligible to claim over $50,000 worth of W tokens. This revelation has sparked concerns about the integrity of the Wormhole airdrop and raised questions about the project's security measures.
According to a report by Degen News, the hacker's eligibility stems from transactions made using four wallets during the February 2022 exploit. These transactions qualified the perpetrator for 31,000 W tokens, a substantial portion of the 617 million tokens airdropped to early adopters.
The eligibility issue was discovered on April 3 by Pland, another Degen News user, after Wormhole inadvertently failed to exclude the wallets linked to the hack. The airdrop was conducted on the same day, distributing tokens to individuals who had interacted with Wormhole's cross-chain messaging protocol.
Rekt News, a prominent security-focused outlet, has highlighted the Wormhole incident as the fifth-largest crypto theft in history. The hacker bypassed the project's smart contract to mint 120,000 Wormhole Ether (whETH) on February 2, 2022.
After the exploit, the perpetrator transferred 93,750 Ether back to the Ethereum network and liquidated their remaining holdings on Solana into USD Coin (USDC) and SOL. However, the entire loss was covered by Wormhole's backer, Jump Crypto, the following day.
The revelation of the hacker's eligibility for rewards has cast a shadow over Wormhole's airdrop. Critics have argued that excluding the hacker's wallets should have been a priority for the team, as it would have prevented the distribution of tokens to a known malicious actor.
The incident has also reignited concerns about Wormhole's security protocols. The fact that the hacker was able to bypass the project's smart contract has raised questions about the robustness of the code and the project's overall security posture.
Wormhole has yet to comment on the situation or provide an explanation for the failure to exclude the hacker's wallets from the airdrop. The project's team is expected to issue a statement in the coming days to address the public's concerns and provide further details on the eligibility criteria.