CROSS-CHAIN BRIDGE ATTACK

WORMHOLE BRIDGE
$326M EXPLOIT

The fix was in the repository. It just wasn't deployed. Nine hours. $326 million.

LOSS: $326,000,000
STATUS: VERIFIED
VECTOR: CROSS-CHAIN
DATE: FEB 2, 2022

The 0-Day That Was Already Fixed

The tragedy of operational failure.

On February 2, 2022, an attacker exploited Wormhole—the largest bridge connecting Solana and Ethereum. They spoofed the signature verification system by passing a fake sysvar account, minting 120,000 wETH ($326M) without any real Guardian approval.

The vulnerability had been fixed in the GitHub repository 9 hours earlier. The developers had identified the issue, written the patch, and merged it. But they hadn't deployed it yet.

The attacker was watching the repository. They saw the fix, reverse-engineered the bug, and exploited it before deployment.

// The Vulnerability

Code Anatomy

The verify_signatures() function used the deprecated load_instruction_at method, which doesn't validate that the provided account is the real Instructions sysvar.

verify_signature.rs — VULNERABLE
pub fn verify_signatures(
    ctx: &ExecutionContext,
    accs: &mut VerifySignatures,
    data: VerifySignaturesData,
) -> Result<()> {
    // BUG: No validation that instruction_acc is the real sysvar!
    // User can pass ANY account here and it will be trusted
    let instruction = load_instruction_at(
        data.instruction_index as usize,
        &accs.instruction_acc, // <-- Attacker provides fake account
    )?;

    // Check that Secp256k1 was called
    if instruction.program_id != secp256k1_program::id() {
        return Err(ProgramError::InvalidArgument);
    }

    // THE FLAW: Attacker's fake account claims signatures valid
    // Real Guardians never signed anything!
    // The excerpt ends here; returning success keeps the function well-formed.
    Ok(())
}
NO ACCOUNT VALIDATION

Fig. 2: The vulnerable verify_signatures() — trusts unvalidated sysvar account
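
The missing check, as an added std-only Rust model (not code from this page, Wormhole, or the Solana SDK): the loader must compare the supplied account's address with the Instructions sysvar address before reading it, which is what the SDK's replacement load_instruction_at_checked does. The Account struct, both key constants and all function names are assumptions constructed for this illustration.

```rust
// Added illustration: a std-only model of the account check, not SDK code.
type Pubkey = [u8; 32];

// Constructed placeholder standing in for the Instructions sysvar address.
const INSTRUCTIONS_SYSVAR_ID: Pubkey = [0x53; 32];
// Constructed placeholder standing in for the secp256k1 program id.
const SECP256K1_PROGRAM_ID: Pubkey = [0x5e; 32];

// Hypothetical account: an address plus the program ids "recorded" in its data.
struct Account { key: Pubkey, instructions: Vec<Pubkey> }

#[derive(Debug, PartialEq)]
enum LoadError { NotInstructionsSysvar, IndexOutOfRange, WrongProgram }

// Mirrors the vulnerable pattern: reads whatever account the caller supplied.
fn load_unchecked(index: usize, acc: &Account) -> Result<Pubkey, LoadError> {
    acc.instructions.get(index).copied().ok_or(LoadError::IndexOutOfRange)
}

// Hardened: reject any account whose address is not the sysvar before reading it.
fn load_checked(index: usize, acc: &Account) -> Result<Pubkey, LoadError> {
    if acc.key != INSTRUCTIONS_SYSVAR_ID {
        return Err(LoadError::NotInstructionsSysvar);
    }
    load_unchecked(index, acc)
}

type Loader = fn(usize, &Account) -> Result<Pubkey, LoadError>;

// The "was secp256k1 called?" test from verify_signatures, parameterised by loader.
fn secp_check_passes(load: Loader, index: usize, acc: &Account) -> Result<(), LoadError> {
    if load(index, acc)? != SECP256K1_PROGRAM_ID {
        return Err(LoadError::WrongProgram);
    }
    Ok(())
}

fn main() {
    // Constructed inputs: the runtime-owned sysvar and a caller-created look-alike.
    let real = Account { key: INSTRUCTIONS_SYSVAR_ID, instructions: vec![SECP256K1_PROGRAM_ID] };
    let fake = Account { key: [0xAA; 32], instructions: vec![SECP256K1_PROGRAM_ID] };
    println!("unchecked, fake: {:?}", secp_check_passes(load_unchecked, 0, &fake));
    println!("checked,   fake: {:?}", secp_check_passes(load_checked, 0, &fake));
    println!("checked,   real: {:?}", secp_check_passes(load_checked, 0, &real));
}
```

With the unchecked loader the look-alike account satisfies the secp256k1 test; with the address comparison in place it is rejected before any of its data is read.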

Timeline of Tragedy

Timestamp           Event
2021-10-20          Solana deprecates load_instruction_at
2022-01-13          Wormhole commits Solana 1.9.4 update
2022-02-02 17:31    Fix PR merged to GitHub
2022-02-02 18:24    EXPLOIT: 120,000 wETH minted
2022-02-02 18:28    93,750 wETH withdrawn to ETH

// Proof of Concept

Conceptual Exploit Reproduction

Since the original exploit was on Solana (Rust), this PoC demonstrates the conceptual vulnerability pattern in Solidity—trusting an unvalidated verifier.

wormhole_exploit_poc.sh — Conceptual PoC

Fig. 1: Conceptual PoC demonstrating the verifier spoofing vulnerability pattern

// Attack Vector

The Cross-Chain Heist

STEP 1: GitHub Surveillance
Monitor Wormhole repo for security patches

STEP 2: Reverse Engineer
Extract vulnerability from fix commit diff

STEP 3: Spoof Sysvar
Create fake Instructions sysvar account on Solana

STEP 4: THE EXPLOIT
Call verify_signatures with spoofed account → forge 120k wETH VAA

STEP 5: Mint & Bridge
Mint wETH on Solana, bridge 93,750 wETH to Ethereum

STEP 6: Profit
$326M stolen, Jump Crypto later provides bailout

Concept Verified

Fix Commit: e8b91810...
Tokens Stolen: 120,000 wETH
PoC Tests: 3/3 PASSED

Analysis by 0xWalterWhiteHat
