{"id":57072,"date":"2022-02-03T09:53:00","date_gmt":"2022-02-03T07:53:00","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=57072"},"modified":"2025-09-04T09:50:34","modified_gmt":"2025-09-04T06:50:34","slug":"hackers-drain-more-than-319-million-from-wormhole-cross-chain-bridge-pool","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hackers-drain-more-than-319-million-from-wormhole-cross-chain-bridge-pool\/","title":{"rendered":"Hackers drain more than $319 million from Wormhole cross-chain bridge pool"},"content":{"rendered":"<p>On the night of February 3, the Wormhole cross-chain protocol on Solana came under a hacker attack. The attackers exploited the vulnerability and withdrew 120,000 WETH (over $319 million at the time of writing).<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"und\"><a href=\"https:\/\/t.co\/TqkVwHqo9c\">https:\/\/t.co\/TqkVwHqo9c<\/a><\/p>\n<p>\u2014 Wormhole\ud83c\udf2a (@wormholecrypto) <a href=\"https:\/\/twitter.com\/wormholecrypto\/status\/1489036678304083968?ref_src=twsrc%5Etfw\">February 3, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The developers said they had closed the vulnerability and directed additional ETH to the pool to support liquidity. For the duration of the investigation, the team <a href=\"https:\/\/portalbridge.com\/#\/\">closed<\/a> access to the service.<\/p>\n<div class=\"wp-block-text-wrappers-update-2 article_update\"><time class=\"gtb_text-wrappers_update_time\">February 3, 2022 | 17:30<\/time><span class=\"gtb_text-wrappers_update_head\">Update: <\/span><\/p>\n<p>The Wormhole team said that we have \u201crestored all funds\u201d and opened user access to the bridge. The report on the incident will be published later.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">The team is working on a detailed incident report and will share it asap<\/p>\n<p>18:26 UTC \u2014 contract was exploited for 120k ETH<\/p>\n<p>00:33 UTC \u2014 vulnerability was patched<\/p>\n<p>13:08 UTC \u2014 ETH contract has been filled and all wETH are backed 1:1<\/p>\n<p>13:29 UTC \u2014 the Portal (token bridge) is back up<\/p>\n<p>\u2014 Wormhole\ud83c\udf2a (@wormholecrypto) <a href=\"https:\/\/twitter.com\/wormholecrypto\/status\/1489233259808571401?ref_src=twsrc%5Etfw\">February 3, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<div class=\"wp-block-text-wrappers-update-2 article_update\"><time class=\"gtb_text-wrappers_update_time\">February 3, 2022 | 19:59<\/time><span class=\"gtb_text-wrappers_update_head\">Update: <\/span><\/p>\n<p>Sources CoinDesk and <a href=\"https:\/\/www.theblock.co\/post\/132909\/wormhole-replenishes-its-blockchain-bridge-after-325-million-exploit\">The Block<\/a> say Jump Trading provided funding to the Wormhole team to restore the lost ETH. <\/p>\n<p>In August 2021 <a href=\"https:\/\/u1f987.com\/en\/news\/media-jump-trading-to-acquire-infrastructure-company-certus-one\">Jump Trading acquired the infrastructure firm Certus One<\/a>, which <a href=\"https:\/\/medium.com\/certus-one\/introducing-the-wormhole-bridge-24911b7335f7\">is behind<\/a> the development of the cross-chain protocol. <\/p>\n<\/div>\n<div class=\"wp-block-text-wrappers-update-2 article_update\"><time class=\"gtb_text-wrappers_update_time\">February 4, 2022 | 14:39<\/time><span class=\"gtb_text-wrappers_update_head\">Update: <\/span><\/p>\n<p>Jump Trading confirmed that it provided funding to compensate Wormhole losses. The company noted that the cross-chain bridge is a \u201cvital part of the infrastructure.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">.<a href=\"https:\/\/twitter.com\/JumpCryptoHQ?ref_src=twsrc%5Etfw\">@JumpCryptoHQ<\/a> believes in a multichain future and that <a href=\"https:\/\/twitter.com\/wormholecrypto?ref_src=twsrc%5Etfw\">@WormholeCrypto<\/a> is essential infrastructure. That\u2019s why we replaced 120k ETH to make community members whole and support Wormhole now as it continues to develop.<\/p>\n<p>\u2014 Jump Crypto \ud83e\uddac (@JumpCryptoHQ) <a href=\"https:\/\/twitter.com\/JumpCryptoHQ\/status\/1489301013408497666?ref_src=twsrc%5Etfw\">February 3, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/div>\n<p>CertiK explained that Wormhole\u2019s smart contracts did not perform a full verification of input data correctness, which allowed transactions with incorrect variables to be initiated. Thanks to this vulnerability, the hackers could mint WETH to their own address.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\"><a href=\"https:\/\/twitter.com\/hashtag\/IncidentAnalysis?src=hash&#038;ref_src=twsrc%5Etfw\">#IncidentAnalysis<\/a><\/p>\n<p>In this case, the spoofed data will be passed and processed.<\/p>\n<p>The mint authority for the Wormhole ETH is a PDA and will sign the \u201cmint\u201d instruction.<\/p>\n<p>Lastly, the \u201cinvoked_seeded instr\u201d will be successfully triggered and mint Wormhole ETH to the attacker. <a href=\"https:\/\/t.co\/YtoPZ2i5bo\">pic.twitter.com\/YtoPZ2i5bo<\/a><\/p>\n<p>\u2014 CertiK Security Leaderboard (@CertiKCommunity) <a href=\"https:\/\/twitter.com\/CertiKCommunity\/status\/1489049089945784322?ref_src=twsrc%5Etfw\">February 3, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>As noted in January 2022, <a href=\"https:\/\/u1f987.com\/en\/news\/vitalik-buterin-says-cross-chain-bridges-are-vulnerable-to-51-attacks\">Vitalik Buterin described cross-chain bridges as vulnerable<\/a> due to concerns about asset security.<\/p>\n<p>Read ForkLog&#8217;s bitcoin news on our Telegram \u2014 cryptocurrency news, prices and analysis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On the night of February 3, the Solana-based Wormhole cross-chain protocol was hacked. Attackers exploited a vulnerability and withdrew 120,000 WETH (over $319 million at the time).<\/p>\n","protected":false},"author":1,"featured_media":57073,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1210],"class_list":["post-57072","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-cross-chain-protocols"],"aioseo_notices":[],"amp_enabled":true,"views":"36","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/57072","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=57072"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/57072\/revisions"}],"predecessor-version":[{"id":57074,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/57072\/revisions\/57074"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/57073"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=57072"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=57072"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=57072"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}