Cryptocurrency platform Wormhole says “all funds are safe” after hackers stole more than $US320 million ($449 million) from its site in the fourth-largest crypto heist on record.

Wormhole, which allows the transfer of information from one crypto network to another, said on Twitter on Wednesday it was “exploited” for 120,000 units of a version of the second-largest cryptocurrency, ether.

At the time of the announcement, the market value of the tokens totalled just over $US320 million ($449 million).

The theft was the latest to shake the fast-growing but mostly unregulated decentralised finance (DeFi) sites, which allow users to lend, borrow and save – usually in cryptocurrencies – while bypassing traditional gatekeepers of finance such as banks.

https://t.co/TqkVwHqo9c

— Wormhole (@wormhole) February 3, 2022

Wormhole said in a further tweet early on Thursday that “the vulnerability has been patched” and it was working to get the network back up.

A message on Wormhole’s Telegram channel later said, “a fix has been deployed and all funds are safe”,without giving further details.

Wormhole did not respond to multiple requests for comment via social media.

Like many DeFi sites, Wormhole gives few details of its location or structure.

London-based blockchain analysis firm Elliptic said attackers were able to fraudulently create the wETH tokens, almost 94,000 of which were later transferred to the ethereum blockchain, which powers transactions for ether.

Elliptic added that Wormhole has offered the attacker a $US10 million ($14 million) “bounty” to return the funds, citing messages embedded within ether transactions sent to the attacker’s digital address.

Cash has poured into DeFi sites, mirroring the explosion of interest in cryptocurrencies as a whole.

Many investors, facing historically low or sub-zero interest rates, are drawn to DeFi by the promise of high returns on savings.

Yet with their breakneck growth, DeFi platforms have emerged as a major hacking risk, with bugs in code and design flaws allowing criminals to target DeFi sites and deep pools of liquidity, and also to launder the proceeds of crime, while leaving few traces.

Fraud and theft at DeFi platforms surpassed $US10 billion last year, research by Elliptic shows, laying bare the risks in the fast-growing but mostly unregulated area of cryptocurrencies.

-Reuters