- An attack on the Wormhole token bridge resulted in the minting and theft of 120,000 wETH.
- Wormhole’s parent company and partners have since restored the stolen tokens and resumed operations.
On Wednesday, the cross-chain smart contract bridge Wormhole suffered an exploit that allowed an attacker to mint 120,000 wrapped ETH (wETH) and withdraw the tokens. The incident triggered an immediate response from Wormhole’s team, which took the site offline and began investigating the vulnerability.
By Thursday morning, Wormhole announced that the vulnerability had been addressed, and later the same day confirmed that the more than $320 million in wETH lost in the exploit had been recovered and restored. The team wrote in a tweet: “All funds have been restored and Wormhole is back up. We’re deeply grateful for your support and thank you for your patience.”
Wormhole also said it is preparing a detailed incident report and will publish it soon to inform the community about what happened and what safeguards will be implemented going forward.
Jump Crypto (the crypto arm of Jump Capital), which acquired Wormhole developer Certus One last August, confirmed it replaced the 120,000 ETH that had been stolen. That intervention prevented unbacked wETH from destabilizing the ecosystem and helped restore user confidence.
Jump Crypto explained its actions by saying it believes in a multichain future and considers Wormhole essential infrastructure, which motivated the team to make community members whole while Wormhole continues development.
The hack ranks as one of the largest losses in decentralized finance: the second-largest single loss in DeFi history and the fourth-largest loss across the broader cryptocurrency space.
How the exploit occurred
Wormhole’s deployer first noticed suspicious activity on Wednesday night and took the platform offline for maintenance while investigating a potential breach. Around 18:24 UTC the attacker exploited Wormhole’s Solana-side VAA (Verified Action Approval) verification logic and was able to mint the 120,000 wETH tokens.
The Wormhole team posted: “The Wormhole network was exploited for 120k wETH. ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly. We are working to get the network back up quickly. Thanks for your patience.”
According to on-chain analysis, the attacker redeemed 93,750 wETH into Ether and used parts of the proceeds to acquire other tokens, including Bored Ape Yacht Club Token (APE) and Finally Usable Crypto Karma (FUCK). The remaining wETH was swapped for SOL and USDC.
In the hours following the incident, Wormhole reached out publicly with a proposed whitehat settlement, offering a $10 million bug bounty in exchange for full exploit details and the return of minted wETH. The message stated: “We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a Whitehat agreement and present you a bug bounty of $10 million for exploit details, and returning the wETH you’ve minted. You can reach out to us at [email protected].”
Security firm CertiK warned that the same class of vulnerability that affected Wormhole’s Solana bridge could potentially exist on other Wormhole chains, including the Terra bridge. The Wormhole incident also echoes broader warnings from industry experts about the risks of cross-chain bridges. Last month, Ethereum co‑founder Vitalik Buterin cautioned that cross-chain bridges remain an insecure component of the ecosystem and can be vulnerable to attacks.
Wormhole’s prompt restoration of funds and the support from Jump Crypto alleviated immediate market concerns, but the exploit underscores the persistent security challenges around cross-chain infrastructure and the need for stronger auditing, verification, and incident response practices across the space.