Solana’s Wormhole Hack Post-Mortem Analysis

6 min readFeb 8, 2022


Solana’s Wormhole is a communication enabling the transfer of tokenized assets seamlessly across blockchains and benefit from Solana’s high speed and low cost.

The Wormhole bridge was hacked on February 2nd, the attack exploited unpached Rust contracts in Solana that were manipulated into crediting 120k ETH as having been deposited on Ethereum, allowing for the hacker to mint the equivalent in wrapped whETH (Wormhole ETH) on Solana.

Shortly after the hack, an on-chain message was sent to the hacker from Certus One, the team behind the Wormhole bridge:

However the hacker didn’t make any contact, instead 93,750 ETH was bridged back to Ethereum over the course of 3 transactions, where it still remains in the hacker’s wallet. The remaining ~36k whETH were liquidated on Solana into USDC and SOL.

Jump Crypto, the cryptocurrency fund which has raised more than $700 million in capital, tweeted Thursday afternoon that it had “replaced” 120,000 stolen Ethereum-based tokens “to make community members whole” and support Wormhole but provided no further details about the bailout. Wormhole confirmed on Twitter that funds involved in the hack had indeed been “restored” and wrote “all funds are safe” on Telegram.

Prior to the exploit, the bridge held a 1:1 ratio of ethereum to wrapped ethereum on the solana blockchain, acting essentially as an escrow service. This exploit broke the 1:1 peg by stealing 120k ETH from the collateral reserve. Solscan (a blockchain explorer for Solana), shows that ETH wrapped by Wormhole comprises roughly 19% of the total ETH on the blockchain; if the 1:1 backing of wETH hadn’t been replenished swiftly, it could have triggered a situation where DeFi positions may become undercollateralized and potentially fuel a bank run. Such a situation would add to Solana’s well-documented difficulties after it has suffered from multiple downtimes due to DoS attacks on the network over the last few months.

How It Happened

Wormhole is a “bridge”, basically a way to move crypto assets between different blockchains. Specifically, Wormhole has a set of “guardians” that sign off on transfers between chains.




Oxford-based blockchain and zero knowledge consultancy and auditing firm