A cross-blockchain bridge associated with the Solana network has suffered a devastating exploit in one of the biggest DeFi hacks of all time.

The Wormhole network says it lost a massive 120,000 in wrapped Ether – US$324 million worth.

Wormhole is a bridge between Solana and other blockchains, allowing users to bridge assets from one network to another. The original asset is supposed to be held in a smart contract on its native blockchain, with a “wrapped” token created on the blockchain being bridged to.

An Optimistic Ethereum developer by the name of Kelvin Fichter explained how the hack took place in a Twitter thread.

The hacker transferred 0.1 Ether from Ethereum into Solana, taking advantage of a bug in the Wormhole contract to trick the system into thinking 120,000 Ether had been deposited.

The exploit occurred at around 5.30am AEDT — roughly three hours after the Wormhole team had rolled out a patch for the bug, but before the team had deployed the patch.

Fichter posited that possibly the attacker had been keeping an eye on the Github repository the developers use to collaborate on changes to the code, and noticed the vulnerability when they tried to fix it.

Another possibility is that the “attacker knew about the bug in advance and was forced into exploiting the bug because the patch was being rolled out,” Fichter tweeted. “Seems hard to construct this attack within ~2 hours so could be a possibility here.”

The bug was fixed around noon AEDT, according to Wormhole’s Twitter account.

At lunchtime (Sydney time), “weWETH” (Wormhole Ether) was trading on Raydium for US$2,614 in USD Coin, just a slight discount. Ethereum was trading for US$2,695 in USDC on Uniswap.

The Wormhole network said in its announcement that it would add Ether to its vault to ensure that wrapped Ether on Solana was “backed 1:1”. But it didn’t explain where this Ether was coming from.

The hack is the biggest defi exploit since the $611 million Poly Network hack in August.