Wormhole Bridge Hack — February 2022
A signature-verification flaw in the Solana-Ethereum Wormhole bridge allowed an attacker to mint 120,000 wETH on Solana without depositing the matching ETH — a $325 million theft that Jump Trading replenished from its own balance sheet.
Wormhole is a cross-chain bridge that allows users to lock ETH on Ethereum and mint a representative token (whETH) on Solana, Avalanche, BSC and other connected chains. Each cross-chain transfer is authorised by a quorum of "guardian" validators who sign attestations the destination contract verifies on-chain.
On 2 February 2022 an attacker exploited a flaw in the Solana-side verify_signatures instruction that allowed a forged set of guardian signatures to pass. The attacker submitted a transfer attestation claiming a 120,000 ETH deposit on Ethereum that had never occurred and minted the corresponding 120,000 whETH on Solana. They subsequently bridged most of the supply to Ethereum and converted it to ETH and stETH.
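The guardian-quorum check described above, as an added Go example that is not Wormhole's code: a destination-side verifier that accepts an attestation only when enough distinct guardians from a trusted set have signed it. Ed25519, the two-thirds-plus-one threshold, and all names, keys and messages are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// GuardianSig is a signature plus the index of the guardian claimed as signer.
type GuardianSig struct {
	Index int
	Sig   []byte
}

// VerifyAttestation accepts body only if a quorum of distinct guardians from the
// trusted set signed it. Ed25519 stands in for the bridge's real scheme (assumption).
func VerifyAttestation(guardians []ed25519.PublicKey, body []byte, sigs []GuardianSig) error {
	seen := map[int]bool{}
	for _, s := range sigs {
		if s.Index < 0 || s.Index >= len(guardians) || seen[s.Index] {
			return errors.New("unknown or repeated signer")
		}
		if !ed25519.Verify(guardians[s.Index], body, s.Sig) {
			return errors.New("invalid guardian signature")
		}
		seen[s.Index] = true
	}
	if len(seen) < len(guardians)*2/3+1 { // assumed quorum: more than two thirds
		return errors.New("quorum not reached")
	}
	return nil
}

// Demo uses constructed keys: 0-3 form the guardian set, key 4 is an outsider.
func Demo() (honest, forged, repeated, short error) {
	var privs []ed25519.PrivateKey
	var pubs []ed25519.PublicKey
	for i := 0; i < 5; i++ {
		seed := [32]byte{byte(i + 1)}
		privs = append(privs, ed25519.NewKeyFromSeed(seed[:]))
		pubs = append(pubs, privs[i].Public().(ed25519.PublicKey))
	}
	body := []byte("constructed attestation: deposit of 1 TEST")
	sig := func(idx, key int) GuardianSig { return GuardianSig{idx, ed25519.Sign(privs[key], body)} }
	check := func(s ...GuardianSig) error { return VerifyAttestation(pubs[:4], body, s) }
	return check(sig(0, 0), sig(1, 1), sig(2, 2)), check(sig(0, 0), sig(1, 1), sig(2, 4)),
		check(sig(0, 0), sig(0, 0), sig(1, 1)), check(sig(0, 0), sig(1, 1))
}

func main() { fmt.Println(Demo()) }
```

Only the first signature set, three valid signatures from three different guardians, is accepted. The outsider-signed, repeated-signer and under-quorum sets are each rejected before any mint would be authorised.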
Within hours, Jump Crypto — parent investor in Wormhole's development arm — announced it had replenished the Ethereum-side bridge reserves from its own balance sheet, preventing insolvency of the bridge and of whETH holders on Solana. The bridge code was patched and a public bug-bounty programme of $10 million per vulnerability was announced.
In February 2024 a court-authorised counter-exploit recovered the stolen funds from the attacker's Tinyman position. The Wormhole Recovery DAO subsequently received the proceeds.
Timeline
- Forged attestation mints 120,000 whETH on Solana
Attacker submits a malformed signature set to the Solana-side bridge contract; verification passes and 120,000 whETH is minted to their address.
- Stolen whETH bridged to Ethereum and converted
Most of the supply is moved cross-chain and split between ETH and stETH positions.
- Wormhole tweets confirmation of exploit
The development team publicly discloses the attack and offers the attacker a $10M whitehat bounty for return of funds.
- Jump Crypto replenishes Ethereum-side reserves
Jump announces it has provided 120,000 ETH from its own balance sheet to backstop whETH on Solana, preventing insolvency.
- Court-authorised recovery from attacker's Tinyman position
A counter-exploit, authorised by judicial process, recovers the stolen funds from the attacker's positions on Algorand-based Tinyman.
Who was involved
- Jump Trading: project, custodian
- Wormhole: protocol, victim, $325.0M
Sources
- Wormhole post-incident audit reports, Wormhole Foundation — Technical root-cause analysis
- Wormhole exploit disclosure thread, Wormhole — Initial public disclosure