Wormhole Hacker May Have Claimed Airdrop Before Massive Heist

An airdrop checker from Solana indicates that the hacker responsible for the $320 million Wormhole bridge attack in 2022 was eligible to claim a $50,000 airdrop from Wormhole. The researcher said that the Wormhole team had neglected to remove many wallet addresses associated with that attack. The hacker would have had access to around 31,642 Wormhole (W) tokens, or almost $50,000 at current values, if they had claimed the airdrop.

Wormhole Hacker May Have Claimed $50,000 Airdrop Prior to Epic Heist

In a shocking revelation, it has emerged that the hacker who orchestrated the audacious $320 million Wormhole bridge exploit in 2022 may have previously received a $50,000 airdrop from the very protocol they later targeted.

According to a meticulous investigation conducted by anonymous researcher "Pland" and published on X, the Wormhole team inadvertently left multiple wallet addresses linked to the bridge hack unflagged and eligible for airdrops. Data from Airdrop.link, a Solana-based airdrop checker, indicates that four of these wallets briefly held the ability to claim Wormhole's airdropped W tokens.

Had the hacker chosen to withdraw their airdropped funds, they would have netted approximately 31,642 W tokens, equivalent to nearly $50,000 at current market prices. Cointelegraph's independent verification confirmed the eligibility of these wallet addresses before they were subsequently removed from the airdrop distribution, suggesting that the Wormhole team may have acted swiftly to patch the loophole.

The revelation that the Wormhole hacker may have exploited the protocol after receiving a substantial airdrop has sparked a chorus of questions and concerns. Could the initial airdrop have inadvertently legitimized the hacker's presence within the Wormhole ecosystem, providing them with an insider's perspective that aided their later attack?

In February 2023, a "counter exploit" was carried out against the Wormhole hacker by Jump Crypto and Oasis.app, resulting in the recovery of $225 million worth of digital assets. However, the broader implications of the hacker's prior receipt of an airdrop from the same protocol remain unclear.

Wormhole's recent announcement that eligible users would receive a massive airdrop of 675 million W tokens, equivalent to around $850 million, has heightened the intrigue surrounding the hacker's motives. While the airdrop is intended to distribute tokens fairly to the broader community, the involvement of the hacker in the distribution process raises ethical concerns.

Cointelegraph's attempts to contact Wormhole for comment were unsuccessful at the time of publication. The Solana block explorer, Solana.fm, confirms that the four eligible wallet addresses linked to the Wormhole hack have since been removed from the airdrop distribution.

The incident underscores the persistent challenges faced by the cryptocurrency industry in combating malicious actors and protecting user funds. As protocols continue to evolve and airdrops become increasingly common, robust security measures and proactive vigilance are paramount to safeguarding the integrity of the ecosystem. Ongoing investigations into the Wormhole hack are expected to shed further light on the hacker's tactics and the lessons that can be learned to prevent similar breaches in the future.