Wormhole Bridge Hack (2022).

A February 2022 attack on the Wormhole cross-chain bridge between Solana and Ethereum that minted 120,000 wETH worth ~$326 million by exploiting a signature-verification flaw in the bridge's smart contract. 它属于网络安全的 Web3 与区块链 分类。

A February 2022 attack on the Wormhole cross-chain bridge between Solana and Ethereum that minted 120,000 wETH worth ~$326 million by exploiting a signature-verification flaw in the bridge's smart contract.

Wormhole was, in early 2022, the largest bridge between Solana and Ethereum, supporting wrapped-asset transfers in both directions. On 2 February 2022 an attacker exploited a bug in the bridge's Solana program: the smart contract used an outdated version of the `solana_program::sysvar::instructions::load_instruction_at` helper to verify Guardian-set signatures attesting to deposit events on the other chain. The attacker supplied a crafted instruction set that bypassed the deprecated check, convincing the bridge that a valid Guardian-signed message had attested a 120,000-ETH deposit on Ethereum. The contract then minted 120,000 wETH on Solana — worth roughly $326 million at the time — and the attacker swapped and bridged out. Jump Crypto, which had acquired Certus One (Wormhole's core developer), reimbursed the loss from its own balance sheet within hours, preserving Wormhole's user funds. The technical lesson — signature-verification helpers and chain-specific subtleties in bridge contracts — became a canonical example in Web3 audit guides; the broader lesson is that bridges concentrate cross-chain liquidity into small contracts that are catnip for adversaries.

针对 Wormhole Bridge Hack (2022) 的防御通常结合技术控制与运营实践,详见上方完整定义。

常见的别称包括: Wormhole hack, wETH mint exploit。