How $325 Million Disappeared in Minutes in One of Crypto’s Biggest Hacks
How it happened, how the crypto giant Jump Trading stepped in, and how some funds were recovered more than a year later.
In the early days of February 2022, one of decentralized finance’s most trusted bridges became the site of a spectacular theft. In less than an hour, a vulnerability in Wormhole’s smart-contract code let a hacker mint 120,000 wrapped Ethereum tokens (wETH) out of thin air valued at roughly $325 million.
The shockwaves rippled through DeFi markets, and for days investors wondered whether this digital money would ever be seen again.
Timeline of the Wormhole Bridge Exploit
February 2, 2022 — Midnight: The Vulnerability is Exploited
At around 18:26 UTC (1:26 pm EST), Wormhole’s Ethereum–Solana bridge was exploited. A hacker managed to spoof a guardian account a key part of the bridge’s signature verification process and illicitly minted 120,000 wETH tokens on the Solana side of the protocol.
This was not a small glitch. Because each wETH token represented a claim on real ETH on another blockchain, the attacker could then convert these illegitimate wETH tokens and extract real value. Quick analysis showed approximately 93,750 of the wETH were redeemed for real ETH on Ethereum, and the remainder swapped into other tokens like Solana and USDC.
By the evening of February 2, Wormhole transactions were halted and users began to discover the loss.
February 3, 2022 — Early Hours: Wormhole Confirms the Hack
In public statements on social media, Wormhole acknowledged the exploit early on February 3, confirming “all funds have been restored and Wormhole is back up” after rapid patching. However, at that time, the stolen crypto had not been returned by the hacker.
During the crisis, Wormhole even attempted a bold gambit: the team sent a message onchain to the hacker’s wallet offering a $10 million bounty and a white-hat agreement in exchange for details of the exploit and the return of funds.
February 3–4, 2022 — Jump Crypto Steps In
Within a day of the exploit, Jump Crypto the crypto division of quantitative trading firm Jump Trading announced it had replaced the stolen funds. Their goal was to make “community members whole” and maintain confidence in Wormhole infrastructure.
Jump Trading had acquired Wormhole’s developer, Certus One, the previous August, aligning their incentives with the bridge’s survival. With markets still reeling, Jump’s move prevented further liquidity spirals that might have otherwise destabilized extended DeFi ecosystems.
But here’s the twist: the funds used to “restore” the bridge were not recovered from the attacker they were fronted by Jump Crypto to backstop the protocol.
February 21, 2023 — Partial Recovery Through Legal and Technical Maneuvers
More than a year later, the story took another turn. According to reporting on recovery efforts, Jump Crypto and partners including Oasis were able to counter-exploit a contract tied to the attacker’s wallet holdings under a court order from the High Court of England and Wales and reclaim a portion of the stolen assets.
In that process, roughly $140 million worth of the original stolen ETH was recovered and transferred to a secure wallet held by authorized parties.
