Wormhole Hack 2022 — $320M Exploit Analysis

Attacker exploited a signature verification bypass in Wormhole's Solana contract to mint 120,000 wETH without backing.

Details

Full Description

The attacker found a vulnerability in Wormhole's Solana contract that allowed bypassing signature verification. By exploiting a legacy 'verify_signatures' function that was not properly deprecated, they crafted a spoofed VAA (Verified Action Approval) to mint 120,000 wETH on Solana. They then bridged 93,750 wETH to Ethereum.

Laundering Analysis

Stolen ETH largely held in the attacker's wallet for months. Some converted to SOL through Jupiter aggregator. Eventually linked to Jump Crypto, which replenished the 120,000 ETH to make users whole. Attacker's identity unknown. Funds moved to various DeFi protocols.

Sources

Transaction Hashes

Related Hacks

Back to Browse