On February 2, 2022, an attacker minted 120,000 wETH on Solana with no corresponding ETH locked on Ethereum and bridged most of it back out for ~$326M.
What happened
Wormhole's Solana program used a deprecated, insecure function to verify the set of guardian signatures attached to a VAA (Verified Action Approval). The check called solana_program::sysvar::instructions::load_instruction_at instead of the more recent load_instruction_at_checked. Unlike the checked variant, load_instruction_at does not validate that the supplied instructions sysvar account is the real one.
The attacker provided a spoofed sysvar account, causing the verifier to read an attacker-supplied signature payload and treat it as having already passed verification. With that, they constructed a VAA that authorised minting 120,000 wETH to themselves, completed the mint, and bridged 93,750 wETH back to Ethereum.
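The difference between the two calls, as an added example that is neither Wormhole's code nor the solana_program API: a self-contained Rust model in which the verifier accepts a transaction only if an earlier instruction belonged to the signature-verification program. The Account struct, the constant addresses, the error names and every function name are assumptions made for illustration.

```rust
// Simplified model (assumption): not the solana_program API or Wormhole's code.
// Addresses are constructed; account data holds only the program id of the
// instruction that supposedly ran earlier in the same transaction.
type Pubkey = [u8; 32];
const INSTRUCTIONS_SYSVAR_ID: Pubkey = [0x11; 32]; // constructed stand-in
const SECP256K1_PROGRAM_ID: Pubkey = [0x22; 32]; // constructed stand-in

struct Account {
    key: Pubkey,   // address, fixed by the runtime
    data: Vec<u8>, // contents, set by whoever created the account
}

#[derive(Debug, PartialEq)]
enum VerifyError { UnsupportedSysvar, SignaturesNotChecked }

// Flawed pattern: parses whatever account the caller passed in.
fn prior_program_unchecked(acct: &Account) -> Option<Pubkey> {
    let mut id = [0u8; 32];
    id.copy_from_slice(acct.data.get(..32)?);
    Some(id)
}

// Hardened pattern: rejects any account whose address is not the sysvar's.
fn prior_program_checked(acct: &Account) -> Result<Option<Pubkey>, VerifyError> {
    if acct.key != INSTRUCTIONS_SYSVAR_ID {
        return Err(VerifyError::UnsupportedSysvar);
    }
    Ok(prior_program_unchecked(acct))
}

fn require_secp(id: Option<Pubkey>) -> Result<(), VerifyError> {
    match id {
        Some(p) if p == SECP256K1_PROGRAM_ID => Ok(()),
        _ => Err(VerifyError::SignaturesNotChecked),
    }
}

fn verify_signatures_unchecked(acct: &Account) -> Result<(), VerifyError> {
    require_secp(prior_program_unchecked(acct))
}

fn verify_signatures_checked(acct: &Account) -> Result<(), VerifyError> {
    require_secp(prior_program_checked(acct)?)
}

fn main() {
    let spoofed = Account { key: [0x99; 32], data: SECP256K1_PROGRAM_ID.to_vec() };
    println!("unchecked: {:?}", verify_signatures_unchecked(&spoofed));
    println!("checked:   {:?}", verify_signatures_checked(&spoofed));
}
```

The only line separating the two paths is the address comparison, which is why a reviewer should look for that check wherever a program parses an account it assumes the runtime supplied.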
Aftermath
- Jump Trading, parent of Wormhole maintainer Jump Crypto, replenished the 120,000 ETH shortfall within 24 hours to keep wETH fully backed on Solana.
- The patch, replacing the call with load_instruction_at_checked, had been merged on master the day before the attack but had not been deployed to mainnet.
- The exploit remains the largest documented Solana-side bridge incident.
Why it matters
Wormhole reinforced two lessons that recurred across 2022's bridge hacks: deploy fixes immediately, and treat any function that consumes pre-verified cryptographic proofs as part of the trust boundary — including the sysvar accounts it reads.
Sources & on-chain evidence
- [01] medium.com: https://medium.com/coinmonks/wormhole-hack-explained-1bf6c8e7e60f
- [02] twitter.com: https://twitter.com/wormholecrypto/status/1489005494997475335
- 0xb6e5e7b0bcf2f80a813b29b3c891b8a9c5b1f8d7f8d4f8ed72a3e0fc8e1f3c4f