Wormhole Bridge Hack (2022).

A February 2022 attack on the Wormhole cross-chain bridge between Solana and Ethereum that minted 120,000 wETH worth ~$326 million by exploiting a signature-verification flaw in the bridge's smart contract. サイバーセキュリティの Web3 とブロックチェーン カテゴリに属します。

A February 2022 attack on the Wormhole cross-chain bridge between Solana and Ethereum that minted 120,000 wETH worth ~$326 million by exploiting a signature-verification flaw in the bridge's smart contract.

Wormhole was, in early 2022, the largest bridge between Solana and Ethereum, supporting wrapped-asset transfers in both directions. On 2 February 2022 an attacker exploited a bug in the bridge's Solana program: the smart contract used an outdated version of the `solana_program::sysvar::instructions::load_instruction_at` helper to verify Guardian-set signatures attesting to deposit events on the other chain. The attacker supplied a crafted instruction set that bypassed the deprecated check, convincing the bridge that a valid Guardian-signed message had attested a 120,000-ETH deposit on Ethereum. The contract then minted 120,000 wETH on Solana — worth roughly $326 million at the time — and the attacker swapped and bridged out. Jump Crypto, which had acquired Certus One (Wormhole's core developer), reimbursed the loss from its own balance sheet within hours, preserving Wormhole's user funds. The technical lesson — signature-verification helpers and chain-specific subtleties in bridge contracts — became a canonical example in Web3 audit guides; the broader lesson is that bridges concentrate cross-chain liquidity into small contracts that are catnip for adversaries.

Wormhole Bridge Hack (2022) に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

一般的な別名: Wormhole hack, wETH mint exploit。