The decentralized finance world woke up to a nightmare on February 3, 2022. Wormhole, one of the most widely used cross-chain bridges connecting Solana to other blockchain networks, had been exploited for approximately $320 million in cryptocurrency. The attack sent shockwaves through the DeFi ecosystem and reignited urgent conversations about the security of multi-billion-dollar protocols.
TL;DR
- Wormhole, a cross-chain bridge on Solana, was hacked for roughly $320 million in wrapped Ether (wETH)
- Attackers made off with 120,000 wETH, with approximately 96,000 tokens bridged to the Ethereum network
- Jump Trading stepped in to replenish stolen funds and restore the 1:1 wETH backing
- The vulnerability was patched within hours, but Solana’s SOL token dropped 9% on the day
- Wormhole offered the attacker a $10 million bug bounty to return the stolen assets
What Happened: The Anatomy of the Exploit
In the early hours of February 3, attackers exploited a vulnerability in Wormhole’s smart contract system, draining approximately 120,000 wETH—wrapped Ether tokens that represent ETH on the Solana blockchain. The total value at the time of the exploit was roughly $320 million, making it one of the largest DeFi hacks ever recorded at that point.
According to blockchain forensics provider TRM Labs, approximately 96,000 of the stolen wETH tokens were quickly transferred to the Ethereum blockchain. “No onward movement yet, but we are tracking the situation,” TRM stated as they monitored the attacker’s wallets in real time.
The Wormhole team confirmed the exploit on Twitter, writing: “The wormhole network was exploited for 120k wETH. ETH will be added over the next hours to ensure wETH is backed 1:1.” The vulnerability was patched within hours, and the team reassured users on Telegram that remaining funds were secure.
Jump Trading Steps In
In a critical intervention, Jump Trading Group—the quantitative trading firm that had acquired Certus One, a founding contributor to the Wormhole project, in August 2021—committed to replacing the stolen funds. Jump Crypto announced it would supply the Ether necessary to ensure all wrapped ETH remained backed on a one-to-one basis.
The rapid response helped prevent a broader contagion effect that could have rippled across the Solana ecosystem. Without this backstop, the wETH on Solana would have been undercollateralized, potentially triggering a cascade of liquidations and further panic.
A $10 Million Bounty Offer
In an unusual move, the Wormhole developers publicly offered the hacker a $10 million bug bounty in exchange for details about the exploit and the return of all stolen funds. The offer was communicated on-chain and through public channels, though there was no immediate indication that the attacker intended to accept.
Worse News for Solana
The Wormhole hack compounded what was already a difficult period for Solana. The high-performance blockchain had suffered a 17-hour network outage in the fall of 2021 following bot-driven congestion, and reports of degraded performance from trading bots had continued into early 2022. On the day of the Wormhole exploit, SOL dropped approximately 9% according to CoinMarketCap data, significantly underperforming the broader market.
At the time of the snapshot, Bitcoin was trading at approximately $37,154 and Ethereum at $2,679, with the total cryptocurrency market capitalization around $1.79 trillion. The Wormhole incident dragged DeFi sentiment lower across the board.
Expert Warnings on DeFi Security
Tom Robinson, co-founder of blockchain analytics firm Elliptic, didn’t mince words about the implications. “This demonstrates once again that the security of DeFi services has not reached a level that is appropriate for the huge sums being stored within them,” he said. “The transparency of the blockchain is allowing attackers to identify and exploit major bugs.”
The Wormhole exploit was not an isolated incident. Cross-chain bridges had become prime targets for hackers due to the enormous value locked in their smart contracts and the inherent complexity of securing communication between different blockchain networks. The attack underscored a fundamental tension in DeFi: the protocols handling the most money were often the ones with the most attack surface.
Why This Matters
The $320 million Wormhole hack was a defining moment for cross-chain infrastructure security. It demonstrated that even protocols backed by major institutional players like Jump Trading remained vulnerable to sophisticated exploits. The incident accelerated the industry’s focus on bridge security audits, bug bounty programs, and insurance mechanisms. For everyday DeFi users, it served as a stark reminder that the promise of permissionless finance still came with significant risks—and that the line between innovation and exposure could vanish in a single transaction.
Disclaimer: This article is for informational purposes only and does not constitute financial advice. Cryptocurrency investments carry significant risk. Always do your own research before making investment decisions.
120k wETH gone in hours and Jump Trading had to bail them out. cross-chain bridges are the weakest link in defi, always have been
ronin, wormhole, nomad, harmony. 2022 was the year of bridge exploits. $320M here, $625M there. the pattern was obvious and nobody listened
bridge_rekt_2 jump trading backstopped 120k wETH because they owned wormhole. self rescue not charity
the $10M bug bounty offer was never going to work. why return $320M for $10M? pure copium from the team
they were probably hoping white hat ethics would kick in. or that the attacker couldnt move 120k eth without getting flagged. either way, pure copium
Lars E. $10M bounty on $320M theft was insulting. no white hat returns that kind of money for a thank you card
solid writeup. one thing missing though – the vulnerability was in the signature verification, not the bridge itself. subtle but important distinction
the signature verification vs bridge semantics matter for audits going forward. most bridge exploits in 2022 shared the same root cause pattern
same root cause: signature verification bypass. wormhole, ronin, harmony all had some form of guardian key compromise that let attackers forge messages
jump trading backstopping 120k wETH wasnt charity, it was self defense. they owned wormhole. letting it collapse would have killed their solana ecosystem bets