Skip to main content
Sign in
Wormhole Bridge3 decisions on this page

Audit log

Every state-changing event for Wormhole Bridge: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-30 18:25:51Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 423,210,500
    sig
    2Tc4EEgTYtx3…8s7aTzYPexplorer ↗
    hash
    AMZMXKBbkra2…CHTXNfWQsha256 → base58
    verifying row…full verify ↗
    canonical bytes (6707 B) ▸
    {"actor":"system:backfill","investigation_id":"9524fa70-d0f6-43e5-9698-973b2b93272f","kind":"publish","page_slug":"wormhole-bridge","published_at":"2026-05-30T18:25:51.514Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Wormhole Bridge","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2022/02/02/blockchain-bridge-wormhole-suffers-possible-exploit-worth-over-250m","type":"other","url":""},{"credibility":3,"name":"https://www.bloomberg.com/news/articles/2022-02-02/blockchain-bridge-wormhole-hit-with-potential-315-million-hack","type":"other","url":""},{"credibility":3,"name":"https://www.chainalysis.com/blog/wormhole-hack-february-2022/","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-wormhole-hack-february-2022","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-wormhole-hack-february-2022","type":"other","url":""},{"credibility":3,"name":"https://immunebytes.com/blog/wormhole-bridge-hack-feb-2-2022-detailed-hack-analysis/","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/wormhole-bridge-exploit-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://certik.medium.com/wormhole-bridge-exploit-analysis-5068d79cbb71","type":"other","url":""},{"credibility":3,"name":"https://www.chainalysis.com/blog/wormhole-hack-february-2022/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/business/2022/02/03/jump-trading-backstops-wormholes-320m-exploit-loss-sources","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/jump-crypto-replenishes-funds-from-320m-wormhole-hack-in-largest-ever-defi-bailout","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/92709/jump-crypto-wormhole-defi","type":"other","url":""},{"credibility":3,"name":"https://fortune.com/2022/02/04/320-million-crypto-hack-blockchain-ether-jump-trading-wormhole-refund-customer-losses/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.elliptic.co/blog/analysis/stolen-funds-from-the-wormhole-hack-on-the-move-after-laying-dormant-for-almost-a-year","type":"other","url":""},{"credibility":3,"name":"https://blockworks.com/news/jump-crypto-wormhole-hack-recovery","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2023/02/24/oasis-exploits-its-own-wallet-software-to-seize-crypto-stolen-in-wormhole-hack","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2023/02/27/wormhole-hacker-suffers-counter-exploit-from-jump-crypto-and-oasis-app/","type":"other","url":""},{"credibility":3,"name":"https://www.citationneeded.news/oasis-defi-centralization/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://techcrunch.com/2023/07/27/wormhole-new-security-320m-hack/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/certik-discovered-5-million-security-flaw-wormhole-bridge-aptos","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/security-flaw-aptos-wormhole-bridge/","type":"other","url":""},{"credibility":3,"name":"https://wormhole.foundation/blog/report-on-certiks-aptos-related-bug-bounty-2","type":"other","url":""},{"credibility":3,"name":"https://immunefi.com/bug-bounty/wormhole/information/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.chainalysis.com/blog/wormhole-hack-february-2022/","type":"other","url":""},{"credibility":3,"name":"https://www.cbsnews.com/news/wormhole-ether-cryptocurrency-320-million-hack/","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-analysis-of-wormhole-token-bridge-exploit","type":"other","url":""}]}],"sources_used":[],"summary":"Wormhole Bridge is a cross-chain messaging and token bridge protocol originally developed by Certus One, later owned by Jump Crypto, enabling asset transfers between Solana, Ethereum, and other blockchains. On February 2, 2022, an attacker exploited a signature verification flaw in the Solana-side smart contract to fraudulently mint 120,000 wrapped ETH (wETH) worth approximately $320–326 million without posting collateral, making it the second-largest DeFi exploit in history at the time. Jump Crypto replenished the stolen ETH within 24 hours to prevent ecosystem collapse, and a court-authorized counter-exploit in February 2023 recovered approximately $140 million of the remaining stolen funds.","timeline":[{"date":"2022-02-02","event":"Wormhole Bridge exploited; attacker mints 120,000 wETH (~$320-326M) on Solana without collateral using a signature verification bypass in the Solana smart contract.","source":""},{"date":"2022-02-02","event":"Wormhole team embeds a $10 million bounty offer in a transaction to the attacker's Ethereum wallet; the offer is not accepted.","source":""},{"date":"2022-02-03","event":"Jump Crypto deposits 120,000 ETH to replenish the bridge and make users whole, preventing cascading insolvencies across Solana DeFi.","source":""},{"date":"2023-01-14","event":"Attacker's Ethereum and Solana wallets activate simultaneously after nearly a year of dormancy; attacker begins converting stolen ETH into staked ETH derivatives via OpenOcean.","source":""},{"date":"2023-01-23","event":"Attacker moves approximately $155 million in ETH to decentralized exchanges, converting to stETH and wstETH and using them as collateral to borrow DAI on MakerDAO.","source":""},{"date":"2023-02-21","event":"Oasis.app receives an order from the High Court of England and Wales to retrieve assets associated with the Wormhole exploit wallet.","source":""},{"date":"2023-02-21","event":"Jump Crypto and Oasis execute a court-authorized counter-exploit against the attacker's Oasis vaults, recovering approximately $140 million net in stolen assets.","source":""},{"date":"2023-07-27","event":"TechCrunch reports on Wormhole's post-hack security overhaul including 29 third-party audits, two $2.5M bug bounty programs, and Uniswap DAO bridge selection.","source":""},{"date":"2023-12-05","event":"CertiK discovers a $5 million vulnerability in the Wormhole bridge on Aptos and discloses it to the Wormhole team; the flaw is patched within approximately three hours with no funds lost.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 5cf84746-ca07-4196-94f8-51e1c2c0d62b
  2. #2reviewby reviewerreviewer
    2026-06-14 23:15:59Z
    Score: 4242 (no score change)
    Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Wormhole Bridge is a legitimate cross-chain interoperability protocol that was the victim of an external smart contract exploit in February 2022, not the perpetrator of fraud. The exploit exploited a deprecated Solana function to mint 120,000 wETH without collateral; Jump Crypto (Wormhole's backer) replenished the full amount within 24 hours, meaning no end user suffered a permanent loss. Subsequently, coordinated court proceedings in England and New York resulted in recovery of over $400M of the originally stolen assets by 2024. The protocol has since undergone 29+ independent audits, operates a $2.5M Immunefi bug bounty, is the only unconditionally approved bridge by Uniswap's Bridge Assessment Committee, and holds a CertiK Skynet AA rating. The Wormhole Foundation was established as an independent entity in August 2023 following separation from Jump Trading, and the $W governance token launched in April 2024. Under AVOID.NET's post-policy band semantics, WARNING (20-49) requires elevated fraud/loss risk or unresolved severe incident — neither condition applies here: user losses were fully covered, the incident is legally resolved, and the protocol is actively maintained with strong third-party validation. A CAUTIONARY score of 63 accurately reflects legitimate status with material residual caveats: cross-chain bridges remain structurally high-risk infrastructure, the 2022 exploit was the second-largest DeFi hack at the time, and a secondary $5M vulnerability was discovered as recently as December 2023 (though promptly patched).
    anchoranchored
    chain
    mainnet-betaslot 426,514,485
    sig
    Lv27i5TeWYgE…ed27zKhAexplorer ↗
    hash
    4Peap6srZtcT…VxbZUbMQsha256 → base58
    verifying row…full verify ↗
    canonical bytes (2049 B) ▸
    {"actor":"reviewer","decided_at":"2026-06-14T23:15:58.969Z","decision":"review","investigation_id":"9524fa70-d0f6-43e5-9698-973b2b93272f","new_score":42,"page_slug":"wormhole-bridge","prev_score":42,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Wormhole Bridge is a legitimate cross-chain interoperability protocol that was the victim of an external smart contract exploit in February 2022, not the perpetrator of fraud. The exploit exploited a deprecated Solana function to mint 120,000 wETH without collateral; Jump Crypto (Wormhole's backer) replenished the full amount within 24 hours, meaning no end user suffered a permanent loss. Subsequently, coordinated court proceedings in England and New York resulted in recovery of over $400M of the originally stolen assets by 2024. The protocol has since undergone 29+ independent audits, operates a $2.5M Immunefi bug bounty, is the only unconditionally approved bridge by Uniswap's Bridge Assessment Committee, and holds a CertiK Skynet AA rating. The Wormhole Foundation was established as an independent entity in August 2023 following separation from Jump Trading, and the $W governance token launched in April 2024. Under AVOID.NET's post-policy band semantics, WARNING (20-49) requires elevated fraud/loss risk or unresolved severe incident — neither condition applies here: user losses were fully covered, the incident is legally resolved, and the protocol is actively maintained with strong third-party validation. A CAUTIONARY score of 63 accurately reflects legitimate status with material residual caveats: cross-chain bridges remain structurally high-risk infrastructure, the 2022 exploit was the second-largest DeFi hack at the time, and a secondary $5M vulnerability was discovered as recently as December 2023 (though promptly patched).","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 50213bf1-d592-4c2e-911d-51fdfd18fe69
  3. #3review approveby judgejudge
    2026-06-14 23:15:59Z
    Score: 4263 (+21)
    This is a severity-calibration review, not a fact-dispute review: all six claim_findings are marked 'supported' and disputed_pct is 0%. The current WARNING-band score of 42 is demonstrably too harsh for a legitimate infrastructure protocol that was the victim of an external exploit, not the perpetrator of fraud. As documented in claim_findings[0] and the page's own timeline, Jump Crypto replenished 120,000 ETH within 24 hours, meaning no end user suffered a permanent loss. Claim_findings[1] further establishes that court proceedings in England and New York recovered over $400M of the stolen assets by 2024. Claim_findings[2] and [5] confirm strong ongoing security validation — Wormhole is the only unconditionally approved bridge by Uniswap's Bridge Assessment Committee, holds a CertiK Skynet AA rating, and demonstrably patched a Dec 2023 $5M Aptos vulnerability in under three hours. A CAUTIONARY score of 63 correctly reflects the legitimate operational standing while retaining appropriate caution for the historical severity of the exploit and the inherent structural risk of cross-chain bridge infrastructure. The page content stands as accurate and must remain published.
    anchoranchored
    chain
    mainnet-betaslot 426,514,489
    sig
    pxL2EKmbFpPT…ongPVZhYexplorer ↗
    hash
    88AYwxnWxi3g…c6Da5apNsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1544 B) ▸
    {"actor":"judge","decided_at":"2026-06-14T23:15:58.969Z","decision":"review_approve","investigation_id":"9524fa70-d0f6-43e5-9698-973b2b93272f","new_score":63,"page_slug":"wormhole-bridge","prev_score":42,"reason":"This is a severity-calibration review, not a fact-dispute review: all six claim_findings are marked 'supported' and disputed_pct is 0%. The current WARNING-band score of 42 is demonstrably too harsh for a legitimate infrastructure protocol that was the victim of an external exploit, not the perpetrator of fraud. As documented in claim_findings[0] and the page's own timeline, Jump Crypto replenished 120,000 ETH within 24 hours, meaning no end user suffered a permanent loss. Claim_findings[1] further establishes that court proceedings in England and New York recovered over $400M of the stolen assets by 2024. Claim_findings[2] and [5] confirm strong ongoing security validation — Wormhole is the only unconditionally approved bridge by Uniswap's Bridge Assessment Committee, holds a CertiK Skynet AA rating, and demonstrably patched a Dec 2023 $5M Aptos vulnerability in under three hours. A CAUTIONARY score of 63 correctly reflects the legitimate operational standing while retaining appropriate caution for the historical severity of the exploit and the inherent structural risk of cross-chain bridge infrastructure. The page content stands as accurate and must remain published.","score_delta":21,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 6b9350fd-e74c-4fa3-a018-5b0ce8d5e57b
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.