What Happened

Wormhole (Backtest Jan 2022)

$320M|Smart Contract Exploit|February 2, 2022

Attacker exploited a signature verification vulnerability in the Solana-side Wormhole contract, forging a VAA to mint 120,000 wETH without depositing collateral on Ethereum. The verify_signatures function did not validate that the instruction sysvar account was the real sysvar, allowing the attacker to substitute a fake sysvar with pre-set valid signatures, bypassing the 13/19 guardian threshold entirely.

What Hindenrank Would Have Said

As of January 1, 2022

C-
Risk Score
56/100

Elevated risk — novel cross-chain messaging architecture with billions in locked collateral, a young track record, and high-complexity signature verification across multiple chains, partially offset by reputable guardian operators and strong growth trajectory.

Mechanism Novelty9/15
Interaction Severity18/20
Oracle Surface5/10
Documentation Quality5/10
Track Record6/15
Scale Exposure7/10
Regulatory Risk3/10
Protocol Vitality3/10

Scenario Predicted the Failure Mode

The C- grade (56/100) did not cross the D+ threshold for a high-risk flag. However, our collapse scenario analysis predicted the exact failure mode that occurred.

Flagged by dimensions: Mechanism Novelty, Interaction Severity, Oracle Surface, Track Record, Scale Exposure

One or more collapse scenarios directly matched the actual failure mode.

Top Risks Identified

  1. 1.Cross-chain signature verification on Solana uses a split instruction pattern due to compute limits, where VAA signatures are verified across multiple transactions — if the verification chain can be bypassed or spoofed, an attacker could forge valid-looking VAAs to mint unbacked wrapped tokens worth billions
  2. 2.The lock-and-mint architecture concentrates ~$3-4B of locked collateral across bridge contracts on multiple chains, creating a massive honeypot where a single vulnerability in any chain's contract could drain the entire bridge's reserves on that chain
  3. 3.Guardian network operates with a 13-of-19 proof-of-authority threshold — while guardians are reputable validators (Certus One, Chorus One, Figment, P2P), the permissioned set means compromise or collusion of 13 entities could produce fraudulent attestations for arbitrary cross-chain messages
  4. 4.Protocol has been live for less than 6 months in its current V2 form (launched August 2021), with complex multi-chain contract deployments across Solana, Ethereum, BSC, and Terra that have had limited time for organic battle-testing at current TVL levels

Collapse Scenarios

Signature Verification Bypass Leading to Unbacked Wrapped Token Mint

Elevated
Trigger

An attacker discovers a flaw in the Solana-side split signature verification (verify_signatures) that allows forging or bypassing the 13/19 guardian signature threshold — for example, by spoofing the instruction sysvar account or exploiting the multi-instruction verification chain to mark signatures as valid without actual guardian attestation

Cascade
1.
Attacker identifies that the Solana verify_signatures function does not properly validate the instruction sysvar account identity, allowing a crafted fake sysvar to be substitutedThe attacker can submit a transaction where all guardian signatures appear valid without actual guardian signing, bypassing the 13/19 threshold requirement
2.
With a forged VAA passing verification, the attacker calls the Wormhole Token Bridge mint function on Solana to mint wrapped tokens (e.g., wETH) without locking corresponding collateral on EthereumHundreds of millions to billions of dollars worth of unbacked wrapped tokens are minted
3.
The attacker bridges the fraudulently minted wrapped tokens back to Ethereum through the legitimate bridge path, redeeming them for real ETH from the locked collateral poolThe locked collateral on Ethereum is drained as the bridge redeems the attacker's wrapped tokens against real assets
4.
Remaining wrapped Wormhole tokens on Solana, BSC, Terra, and Polygon lose their backing as the locked collateral has been partially or fully drainedAll Wormhole wrapped tokens depeg toward zero on every chain where they circulate
5.
DeFi protocols on Solana and other chains that accepted Wormhole wrapped tokens as collateral or liquidity face cascading insolvenciesLending protocols, DEXs, and yield farms holding Wormhole wrapped tokens suffer losses proportional to their exposure
Historical Precedent

Poly Network exploit (August 2021) demonstrated that cross-chain bridge contract vulnerabilities can enable unauthorized minting/transfers of hundreds of millions of dollars. ChainSwap exploit (July 2021) showed that signature verification flaws in bridge contracts can allow attackers to forge authorization for cross-chain transfers.

Guardian Collusion or Key Compromise Draining Bridge Reserves

Moderate
Trigger

13 or more of the 19 Wormhole guardian private keys are compromised through coordinated attack on guardian infrastructure, social engineering, insider collusion, or a state-level actor targeting guardian entities (Certus One/Jump Crypto, Chorus One, Figment, P2P, etc.)

Cascade
1.
An attacker compromises the private keys of 13+ guardian entities through targeted attacks on their infrastructure, supply chain compromise, or insider collaborationThe attacker can produce validly-signed VAAs for any arbitrary cross-chain message — the guardian network security model is fully bypassed
2.
The attacker crafts and signs fraudulent VAAs authorizing the minting of wrapped tokens on destination chains or the unlocking of collateral on source chainsUnlimited minting of wrapped tokens or draining of locked collateral across every supported chain
3.
The fraudulent transfers appear fully legitimate to all on-chain verification with no mechanism to distinguish malicious from legitimate VAAsDetection requires off-chain monitoring of mint/burn invariant violations, which may have significant delay
4.
By the time the attack is detected and remaining honest guardians respond, significant funds have been extractedBridge reserves depleted, wrapped tokens lose backing, and the Wormhole guardian trust model is permanently discredited
Historical Precedent

Ronin bridge exploit demonstrated that validator key compromise on a proof-of-authority bridge can result in hundreds of millions in losses. The Ronin bridge had a 5-of-9 validator threshold and 4 validators were controlled by a single entity, enabling the attacker to compromise just one additional validator to drain $625M.

Chain-Specific Contract Exploit via Multi-Runtime Implementation Gap

Moderate
Trigger

A vulnerability is discovered in one chain's Wormhole contract implementation (Solana Rust, EVM Solidity, or Terra CosmWasm) caused by semantic differences between runtimes, chain-specific features, or implementation-level bugs in translating the same logic across different programming languages

Cascade
1.
An attacker discovers a chain-specific vulnerability such as a Solana instruction handling bug, an EVM reentrancy path, or a CosmWasm message ordering issue not present in other chain implementationsThe vulnerability can be exploited on the affected chain without the guardian network detecting anomalous behavior
2.
The attacker exploits the chain-specific vulnerability to mint unbacked wrapped tokens or unlock collateral without proper authorization on the vulnerable chainFunds extracted from bridge reserves on the affected chain proportional to locked collateral or wrapped token liquidity
3.
The attacker uses the bridge itself to move extracted funds to other chains before detectionCross-chain fund movement makes the attack harder to trace and the attacker can exit through the most liquid chain
4.
Confidence in Wormhole wrapped tokens collapses as users rush to redeem across all chains, even those not directly affectedBank run on the bridge exhausts available liquidity, wrapped tokens depeg, and DeFi protocols holding Wormhole tokens face cascading liquidations
Historical Precedent

The Poly Network exploit (August 2021, $610M) exploited a cross-chain message verification flaw that was chain-specific. This demonstrated that multi-chain implementations with different contract runtimes create semantic gaps that attackers can exploit.

See how today's protocols score

The same 8-dimension rubric applied to 672+ live protocols.

View LeaderboardAll Backtests