Skip to main content
Sign in
Wormhole Bridge1 decision on this page

Audit log

Every state-changing event for Wormhole Bridge: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-30 18:25:51Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 423,210,500
    sig
    2Tc4EEgTYtx3…8s7aTzYPexplorer ↗
    hash
    AMZMXKBbkra2…CHTXNfWQsha256 → base58
    verifying row…full verify ↗
    canonical bytes (6707 B) ▸
    {"actor":"system:backfill","investigation_id":"9524fa70-d0f6-43e5-9698-973b2b93272f","kind":"publish","page_slug":"wormhole-bridge","published_at":"2026-05-30T18:25:51.514Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Wormhole Bridge","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2022/02/02/blockchain-bridge-wormhole-suffers-possible-exploit-worth-over-250m","type":"other","url":""},{"credibility":3,"name":"https://www.bloomberg.com/news/articles/2022-02-02/blockchain-bridge-wormhole-hit-with-potential-315-million-hack","type":"other","url":""},{"credibility":3,"name":"https://www.chainalysis.com/blog/wormhole-hack-february-2022/","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-wormhole-hack-february-2022","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-wormhole-hack-february-2022","type":"other","url":""},{"credibility":3,"name":"https://immunebytes.com/blog/wormhole-bridge-hack-feb-2-2022-detailed-hack-analysis/","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/wormhole-bridge-exploit-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://certik.medium.com/wormhole-bridge-exploit-analysis-5068d79cbb71","type":"other","url":""},{"credibility":3,"name":"https://www.chainalysis.com/blog/wormhole-hack-february-2022/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/business/2022/02/03/jump-trading-backstops-wormholes-320m-exploit-loss-sources","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/jump-crypto-replenishes-funds-from-320m-wormhole-hack-in-largest-ever-defi-bailout","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/92709/jump-crypto-wormhole-defi","type":"other","url":""},{"credibility":3,"name":"https://fortune.com/2022/02/04/320-million-crypto-hack-blockchain-ether-jump-trading-wormhole-refund-customer-losses/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.elliptic.co/blog/analysis/stolen-funds-from-the-wormhole-hack-on-the-move-after-laying-dormant-for-almost-a-year","type":"other","url":""},{"credibility":3,"name":"https://blockworks.com/news/jump-crypto-wormhole-hack-recovery","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2023/02/24/oasis-exploits-its-own-wallet-software-to-seize-crypto-stolen-in-wormhole-hack","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2023/02/27/wormhole-hacker-suffers-counter-exploit-from-jump-crypto-and-oasis-app/","type":"other","url":""},{"credibility":3,"name":"https://www.citationneeded.news/oasis-defi-centralization/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://techcrunch.com/2023/07/27/wormhole-new-security-320m-hack/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/certik-discovered-5-million-security-flaw-wormhole-bridge-aptos","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/security-flaw-aptos-wormhole-bridge/","type":"other","url":""},{"credibility":3,"name":"https://wormhole.foundation/blog/report-on-certiks-aptos-related-bug-bounty-2","type":"other","url":""},{"credibility":3,"name":"https://immunefi.com/bug-bounty/wormhole/information/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.chainalysis.com/blog/wormhole-hack-february-2022/","type":"other","url":""},{"credibility":3,"name":"https://www.cbsnews.com/news/wormhole-ether-cryptocurrency-320-million-hack/","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-analysis-of-wormhole-token-bridge-exploit","type":"other","url":""}]}],"sources_used":[],"summary":"Wormhole Bridge is a cross-chain messaging and token bridge protocol originally developed by Certus One, later owned by Jump Crypto, enabling asset transfers between Solana, Ethereum, and other blockchains. On February 2, 2022, an attacker exploited a signature verification flaw in the Solana-side smart contract to fraudulently mint 120,000 wrapped ETH (wETH) worth approximately $320–326 million without posting collateral, making it the second-largest DeFi exploit in history at the time. Jump Crypto replenished the stolen ETH within 24 hours to prevent ecosystem collapse, and a court-authorized counter-exploit in February 2023 recovered approximately $140 million of the remaining stolen funds.","timeline":[{"date":"2022-02-02","event":"Wormhole Bridge exploited; attacker mints 120,000 wETH (~$320-326M) on Solana without collateral using a signature verification bypass in the Solana smart contract.","source":""},{"date":"2022-02-02","event":"Wormhole team embeds a $10 million bounty offer in a transaction to the attacker's Ethereum wallet; the offer is not accepted.","source":""},{"date":"2022-02-03","event":"Jump Crypto deposits 120,000 ETH to replenish the bridge and make users whole, preventing cascading insolvencies across Solana DeFi.","source":""},{"date":"2023-01-14","event":"Attacker's Ethereum and Solana wallets activate simultaneously after nearly a year of dormancy; attacker begins converting stolen ETH into staked ETH derivatives via OpenOcean.","source":""},{"date":"2023-01-23","event":"Attacker moves approximately $155 million in ETH to decentralized exchanges, converting to stETH and wstETH and using them as collateral to borrow DAI on MakerDAO.","source":""},{"date":"2023-02-21","event":"Oasis.app receives an order from the High Court of England and Wales to retrieve assets associated with the Wormhole exploit wallet.","source":""},{"date":"2023-02-21","event":"Jump Crypto and Oasis execute a court-authorized counter-exploit against the attacker's Oasis vaults, recovering approximately $140 million net in stolen assets.","source":""},{"date":"2023-07-27","event":"TechCrunch reports on Wormhole's post-hack security overhaul including 29 third-party audits, two $2.5M bug bounty programs, and Uniswap DAO bridge selection.","source":""},{"date":"2023-12-05","event":"CertiK discovers a $5 million vulnerability in the Wormhole bridge on Aptos and discloses it to the Wormhole team; the flaw is patched within approximately three hours with no funds lost.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 5cf84746-ca07-4196-94f8-51e1c2c0d62b
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.