FEG Token Exploit Is Not Related to Wormhole

Key Points:

• FEG token exploit allowed a hacker to steal over $1 million across multiple chains, leaving holders down 99%.
• CertiK and BlockSec traced the exploit to errors in cross-chain message processing, confirming it was unrelated to Wormhole contracts.

The Wormhole Foundation has explained that the recent exploits of the Feed Every Gorilla (FEG) token have nothing to do with its platform and that all Wormhole contracts are safe.

Read more: 25.78% of Wormhole Token Supply Will Be In Circulation After Latest Unlock

FEG Token Exploit Causes $1 Million Loss

The FEG token exploit comes after the suspected exploit of "SmartBridge" that saw holders left down 99% Sunday after the attacker liquidated the stolen funds. In all, the FEG token is a core component for the project's "SmartDeFi" launchpads operating atop several blockchain networks.

The blockchain security firm CertiK pegged the exploit to an error in a relay contract's cross-chain message processing logic on December 29, 2024. Confirmation from CertiK showed that the contract was deployed by an address tagged to the FEG team and is not related to Wormhole.

This is the third attack to target the FEG project after it suffered two breaches in 2022. In its response, the FEG team noted the frustration of its community, first pointing at a vulnerability in the Wormhole bridge, which had earlier been audited by Peckshield. Peckshield claims to have found the root cause but has yet to make an official statement.

DeFi Vulnerabilities Spark Community Outcry

An independent analysis by crypto security platform BlockSec revealed that the attacker exploited a vulnerability via SmartBridge's relayer feature. It didn't verify whether the source address was approved to submit a withdrawal.

The FEG token exploits spanned multiple chains, including Ethereum, Base, and BNB Chain, to amass more than $1 million in profit. As noted by Cyvers, the attacker got 96 ETH on Ethereum, 73 ETH on Base, and 712 BNB from BNB Chain.