Solana’s Wormhole Hack Post-Mortem Analysis

Introduction

Solana’s Wormhole is a communication enabling the transfer of tokenized assets seamlessly across blockchains and benefit from Solana’s high speed and low cost.

The Wormhole bridge was hacked on February 2nd, the attack exploited unpached Rust contracts in Solana that were manipulated into crediting 120k ETH as having been deposited on Ethereum, allowing for the hacker to mint the equivalent in wrapped whETH (Wormhole ETH) on Solana.

Shortly after the hack, an on-chain message was sent to the hacker from Certus One, the team behind the Wormhole bridge:

However the hacker didn’t make any contact, instead 93,750 ETH was bridged back to Ethereum over the course of 3 transactions, where it still remains in the hacker’s wallet. The remaining ~36k whETH were liquidated on Solana into USDC and SOL.

Jump Crypto, the cryptocurrency fund which has raised more than $700 million in capital, tweeted Thursday afternoon that it had “replaced” 120,000 stolen Ethereum-based tokens “to make community members whole” and support Wormhole but provided no further details about the bailout. Wormhole confirmed on Twitter that funds involved in the hack had indeed been “restored” and wrote “all funds are safe” on Telegram.