Wormhole Bridge

2022-02-02

Wormhole Bridge exploited; attacker mints 120,000 wETH (~$320-326M) on Solana without collateral using a signature verification bypass in the Solana smart contract.

2022-02-02

Wormhole team embeds a $10 million bounty offer in a transaction to the attacker's Ethereum wallet; the offer is not accepted.

2022-02-03

Jump Crypto deposits 120,000 ETH to replenish the bridge and make users whole, preventing cascading insolvencies across Solana DeFi.

2023-01-14

Attacker's Ethereum and Solana wallets activate simultaneously after nearly a year of dormancy; attacker begins converting stolen ETH into staked ETH derivatives via OpenOcean.

2023-01-23

Attacker moves approximately $155 million in ETH to decentralized exchanges, converting to stETH and wstETH and using them as collateral to borrow DAI on MakerDAO.

2023-02-21

Oasis.app receives an order from the High Court of England and Wales to retrieve assets associated with the Wormhole exploit wallet.

2023-02-21

Jump Crypto and Oasis execute a court-authorized counter-exploit against the attacker's Oasis vaults, recovering approximately $140 million net in stolen assets.

2023-07-27

TechCrunch reports on Wormhole's post-hack security overhaul including 29 third-party audits, two $2.5M bug bounty programs, and Uniswap DAO bridge selection.

2023-12-05

CertiK discovers a $5 million vulnerability in the Wormhole bridge on Aptos and discloses it to the Wormhole team; the flaw is patched within approximately three hours with no funds lost.