Wormhole Bridge Hack (2022).

A February 2022 attack on the Wormhole cross-chain bridge between Solana and Ethereum that minted 120,000 wETH worth ~$326 million by exploiting a signature-verification flaw in the bridge's smart contract. It belongs to the Web3 & Blockchain category of cybersecurity.

A February 2022 attack on the Wormhole cross-chain bridge between Solana and Ethereum that minted 120,000 wETH worth ~$326 million by exploiting a signature-verification flaw in the bridge's smart contract.

Wormhole was, in early 2022, the largest bridge between Solana and Ethereum, supporting wrapped-asset transfers in both directions. On 2 February 2022 an attacker exploited a bug in the bridge's Solana program: the smart contract used an outdated version of the `solana_program::sysvar::instructions::load_instruction_at` helper to verify Guardian-set signatures attesting to deposit events on the other chain. The attacker supplied a crafted instruction set that bypassed the deprecated check, convincing the bridge that a valid Guardian-signed message had attested a 120,000-ETH deposit on Ethereum. The contract then minted 120,000 wETH on Solana — worth roughly $326 million at the time — and the attacker swapped and bridged out. Jump Crypto, which had acquired Certus One (Wormhole's core developer), reimbursed the loss from its own balance sheet within hours, preserving Wormhole's user funds. The technical lesson — signature-verification helpers and chain-specific subtleties in bridge contracts — became a canonical example in Web3 audit guides; the broader lesson is that bridges concentrate cross-chain liquidity into small contracts that are catnip for adversaries.

Defences for Wormhole Bridge Hack (2022) typically combine technical controls and operational practices, as detailed in the full definition above.

Common alternative names include: Wormhole hack, wETH mint exploit.