◇ Stage 1 · Briefing
Wormhole Bridge
Wormhole (Solana ↔ Ethereum)
Wormhole's Solana bridge verified guardian signatures using a deprecated routine that never confirmed the verification was actually performed by the genuine system program. The attacker supplied a spoofed "verified signatures" account, tricked the bridge into accepting fabricated guardian approvals, and minted 120,000 wETH with no real collateral — then bridged it out. A fix had already been committed to the public repo but was not yet deployed. Jump Crypto refilled the hole the next day.
Date: February 2, 2022
Impact: ~$326M (120,000 wETH)
Duration: Exploited in minutes
Attack class: Bridge security
Timeline
Jan 13: A fix removing the deprecated verification is committed to GitHub — not yet deployed.
Feb 2: Attacker spoofs guardian signatures and mints 120k wETH.
Feb 2: wETH is bridged to Ethereum and swapped before any backing is checked.
Feb 3: Jump Crypto replaces the 120k ETH to keep the bridge solvent.
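
The missing check described in the briefing, as an added example that is not Wormhole's or the Solana SDK's code: a simplified Rust model in which `Pubkey`, `Account`, `TRUSTED_RECORD_ID`, `QUORUM` and both functions are hypothetical names and every value is constructed. It shows the unchecked routine accepting a verification record at any address, and the corrected one rejecting it before reading its data.

```rust
// Simplified model, added for illustration; every name and value here is
// hypothetical/constructed and is not Wormhole or Solana SDK code.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
struct Pubkey([u8; 32]);

// Constructed stand-in for the address of the one runtime-owned account
// that truthfully records which signature checks ran in this transaction.
const TRUSTED_RECORD_ID: Pubkey = Pubkey([7u8; 32]);
const QUORUM: u8 = 3; // constructed threshold of guardian signatures

struct Account {
    key: Pubkey,   // address of the account
    data: Vec<u8>, // byte 0: count of signatures the record claims were checked
}

#[derive(Debug, PartialEq)]
enum BridgeError { UntrustedAccount, NotVerified }

fn signatures_recorded(acct: &Account) -> u8 {
    acct.data.first().copied().unwrap_or(0)
}

// Before: reads the record from whatever account the caller supplies.
fn approve_mint_unchecked(record: &Account) -> Result<(), BridgeError> {
    if signatures_recorded(record) >= QUORUM { Ok(()) } else { Err(BridgeError::NotVerified) }
}

// After: the address must match before any of the data is trusted.
fn approve_mint_checked(record: &Account) -> Result<(), BridgeError> {
    if record.key != TRUSTED_RECORD_ID {
        return Err(BridgeError::UntrustedAccount);
    }
    approve_mint_unchecked(record)
}

fn main() {
    let genuine = Account { key: TRUSTED_RECORD_ID, data: vec![3] };
    // Same claimed contents, but at an address the caller controls.
    let spoofed = Account { key: Pubkey([9u8; 32]), data: vec![3] };
    println!("unchecked, spoofed: {:?}", approve_mint_unchecked(&spoofed));
    println!("checked,   spoofed: {:?}", approve_mint_checked(&spoofed));
    println!("checked,   genuine: {:?}", approve_mint_checked(&genuine));
}
```

The data in both accounts is identical, so only the address comparison separates them; any review of similar code should confirm that every account whose contents gate a mint has its address or owner checked first.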