Jump Trading replaces stolen Wormhole funds after $320 million crypto hack

By Tom Wilson and Pushkala Aripaka

LONDON (Reuters) – The cryptocurrency arm of Jump Trading said on Thursday it had restored more than $320 million to crypto platform Wormhole after the decentralized finance site was hit with one of the largest crypto heists on record.

In a tweet, Jump Crypto said they chose to replace the stolen money “to make community members whole and support Wormhole now as it continues to develop.”

Chicago-based Jump Trading acquired Certus One, the developer behind Wormhole, in August.

Wormhole, an online platform that allows the transfer of information across crypto networks, said on Wednesday it had been “exploited” for 120,000 digital tokens connected to the second-largest cryptocurrency, ether.

At the time of its announcement, the market value of the tokens was just over $320 million.

The theft was the latest to hit the fast-growing but mostly unregulated DeFi sector. DeFi platforms allow users to lend, borrow and save – usually in crypto – while bypassing traditional gatekeepers of finance such as banks.

“All funds have been restored and Wormhole is back up,” the platform said on Twitter after earlier saying on its Telegram channel that “all funds are safe”.

London-based blockchain analysis firm Elliptic said that attackers were able to fraudulently create the wETH tokens, almost 94,000 of which were later transferred to the ethereum blockchain, which powers transactions for ether.

Elliptic added that Wormhole has offered the attacker a $10 million “bounty” to return the funds, citing messages embedded within ether transactions sent to the attacker’s digital address.

Major hacking risk

Cash has poured into DeFi sites, mirroring the explosion of interest in cryptocurrencies as a whole. Many investors, facing historically low or sub-zero interest rates, are drawn to DeFi by the promise of high returns on savings.

Yet with their breakneck growth, DeFi platforms have emerged as a major hacking risk, with bugs in code and design flaws allowing criminals to target DeFi sites and deep pools of liquidity, and also to launder the proceeds of crime, while leaving few traces.

Fraud and theft at DeFi platforms surpassed $10 billion last year, research by Elliptic shows, laying bare the risks in the fast-growing but mostly unregulated area of cryptocurrencies.

Last August, hackers behind likely the biggest ever digital coin heist returned nearly all of the $610 million-plus they stole from the DeFi site Poly Network.

Hacks have long plagued crypto platforms. In 2018, digital tokens worth some $530 million were stolen from Tokyo-based platform Coincheck. Mt. Gox, another Japanese exchange, collapsed in 2014 after hackers stole half a billion dollars of crypto.

(Reporting by Tom Wilson in London and Pushkala Aripaka in Bengaluru; additional reporting by Hannah Lang in Washington; Editing by Robert Birsel, Susan Fenton, Kirsten Donovan)