← All incidents

Wormhole bridge

A $326M loss on Solana in 2022, caused by a signature verification flaw. Here's what happened, the vulnerability class behind it, and where it stands in ProveWall's re-proof pipeline.

Loss$326M
Year2022
ChainSolana
Vulnerability classSignature verification
Mechanismsignature-verification bypass
◷ In the ProveWall re-proof queue
We have not yet re-executed this exploit on a forked chain. When we do, this page will show a signed, independently replayable receipt — the exploit moving value, and the patched control resisting. Until then this is a factual incident summary, not a proof. No proof, no finding.

What this class of bug is

Signature-verification flaws accept forged, replayed, or malformed signatures as valid, letting an attacker authorize actions (like releasing bridged funds) they were never entitled to.

How to read this page. The dollar figure is the publicly reported loss attributed to this incident. A ProveWall re-proof reproduces the vulnerability class/mechanism by execution on a forked chain, with a signed receipt — we say so explicitly only once that execution has passed.

Want your own contract actually proven — not guessed?

Static tools and LLM auditors ask "is there a check here?" and miss the check that exists but is wrong. OmniGuard Labs runs the exploit on a forked chain and sends you a signed pass/fail receipt. Request a proof-backed audit →