Solana Security Dashboard

Back to Exploits

Wormhole Bridge Exploit

Wormhole

Critical

Resolved

February 2, 2022

Smart Contract

$320,000,000.00

Description

An attacker exploited a vulnerability in Wormhole's smart contract validation logic, minting 120,000 wETH on Solana without proper backing on Ethereum.

Technical Details

The exploit occurred due to a signature verification vulnerability where the attacker was able to forge a valid signature for a VAA (Validator Action Approval) message.

Bridge

Cross-chain

Signature Verification

Exploit Timeline

Exploit Executed

Feb 2, 2022, 9:04 PM

Attacker exploited the signature verification to mint 120,000 wETH.

Bridge Halted

Feb 2, 2022, 11:00 PM

Wormhole team halted bridge operations.

Funds Replaced

Feb 3, 2022, 1:00 PM

Jump Crypto added 120,000 ETH to restore bridge solvency.

On-Chain Details

Transaction Hash

2xKjEGs4MSzC9RzLfr4MnvK8rKoBzA3P5QXP5xvG9Z3qwMJ8837FCQVPvbXkYHoNEAkVYjgVzGR2zTwmZQL4nHCY

View on Solana Explorer

Similar Exploits

Slope Wallet Private Key Leak

Wormhole Bridge Exploit

Cashio Infinite Mint Exploit

Protection Resources

Smart Contract Security Checklist

Essential checks for contract developers

Oracle Attack Prevention Guide

Learn to prevent oracle manipulation

Emergency Response Playbook

Quick response guide for projects