Wormhole Incident Report: Attackers Used a Signature Verification Vulnerability in the Solana-Side Contract to Steal ETH

On February 5th, Wormhole released a report on the February 2nd attack in which 120,000 ETH was stolen. The report states that the vulnerability was an error in the signature verification code of the core Wormhole contract on the Solana side, which allowed attackers to forge messages from the “Guardian” and mint Wormhole-wrapped ETH. The vulnerability has been fixed by adding the missing checks. The report also notes that several projects on the Wormhole roadmap could further enhance the security of cross-chain messaging and bridging, including accounting mechanisms for isolating risks across chains, dynamic risk management, continuous monitoring, and early detection of incidents.