Other

Wormhole Bridge Exploit ($320M Stolen)

2022-02-02 · Wormhole cross-chain bridge (Solana/Ethereum)

Incident Details

On February 2, 2022, the Wormhole cross-chain bridge, which facilitates token transfers between Solana, Ethereum, and other blockchains, suffered a smart contract exploit resulting in the theft of approximately 120,000 wrapped Ether (wETH), worth approximately $320 million at the time. This made it the second-largest DeFi hack to that date, after Poly Network’s $611M in 2021. The attacker exploited a vulnerability in Wormhole’s Solana-side smart contract: the bridge failed to properly validate ‘guardian’ (validator) accounts, which allowed the attacker to bypass the requirement to deposit real Ethereum collateral by spoofing a valid ‘SignatureSet’ account. The attacker minted 120,000 wETH on Solana without backing it, then redeemed 93,750 wETH back to Ethereum. Jump Crypto, the venture capital firm backing Wormhole, replenished the $320M in stolen funds within days to prevent the protocol from becoming insolvent. The vulnerability was connected to a code change that was visible on the public GitHub repository but had not yet been deployed to the live contract, potentially allowing the attacker to identify and exploit the issue before the patch was live. The attacker’s funds remained largely unspent on-chain.

Technical Details

Initial Attack Vector
Attacker exploited a signature verification vulnerability in Wormhole's Solana smart contract: a failure to properly validate 'guardian' program accounts allowed the attacker to spoof a valid signature and fraudulently mint 120,000 wETH (wrapped Ethereum) on Solana without depositing collateral
Vendor / Product
Wormhole cross-chain bridge (Solana/Ethereum)
Software Package
Wormhole bridge smart contract
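
The account-validation failure described above, as an added Rust model that is not Wormhole's code and not part of the source record. It contrasts a check that trusts the contents of a caller-supplied signature-set account with one that first establishes who owns the account and which message it covers. All types, ids and thresholds are constructed for illustration.

```rust
// Simplified model; types, ids and thresholds are hypothetical, not Wormhole's.
type Id = [u8; 32];
const BRIDGE_PROGRAM: Id = [0xB1; 32]; // constructed program id
const GUARDIANS: usize = 19;           // constructed guardian-set size
const QUORUM: usize = GUARDIANS * 2 / 3 + 1;

struct SignatureSet {
    owner: Id,                   // program that created and controls the account
    message_hash: [u8; 32],      // message the signatures were checked against
    verified: [bool; GUARDIANS], // one flag per guardian signature
}

#[derive(Debug, PartialEq)]
enum Reject { ForeignAccount, WrongMessage, NoQuorum }

fn quorum(set: &SignatureSet) -> bool {
    set.verified.iter().filter(|v| **v).count() >= QUORUM
}

// Weak shape: the flags are trusted no matter who wrote the account.
fn accept_unvalidated(set: &SignatureSet) -> Result<(), Reject> {
    if quorum(set) { Ok(()) } else { Err(Reject::NoQuorum) }
}

// Hardened shape: establish provenance and binding before reading the flags.
fn accept_validated(set: &SignatureSet, msg_hash: &[u8; 32]) -> Result<(), Reject> {
    if set.owner != BRIDGE_PROGRAM { return Err(Reject::ForeignAccount); }
    if &set.message_hash != msg_hash { return Err(Reject::WrongMessage); }
    if !quorum(set) { return Err(Reject::NoQuorum); }
    Ok(())
}

// Constructed sample: an account written by some other program, all flags set.
fn spoofed_set(msg_hash: [u8; 32]) -> SignatureSet {
    SignatureSet { owner: [0xEE; 32], message_hash: msg_hash, verified: [true; GUARDIANS] }
}

fn main() {
    let msg = [0x42; 32];
    let fake = spoofed_set(msg);
    println!("unvalidated: {:?}", accept_unvalidated(&fake));
    println!("validated:   {:?}", accept_validated(&fake, &msg));
}
```

The ordering in `accept_validated` matters for review: ownership and message binding are checked before any data in the account influences the decision.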

Timeline

  1. 2022-02-02 Breach occurred
  2. 2022-02-02 Publicly disclosed