Last February, hackers compromised Wormhole Bridge leading to 120,000 wETH loss from the platform, equivalent to $321 million. It was the largest DeFi attack of 2022 and the hacker swapped wETH tokens with Ethereum, SOL, USDC, APE, SX, etc.
Later, Wormhole rewarded a white hacker with $10 million for rectifying a bug in its core bridge contract on Ethereum just after its platform was compromised in the cyber attack.
Jump Crypto, a company involved in the creation of the Wormhole protocol, replaced those stolen funds. But it looks like the funds have now been retrieved as of three days ago.
Oasis published a blog post noting “On 21st February 2023, we received an order from the High Court of England and Wales to take all necessary steps that would result in the retrieval of certain assets involved with the wallet address associated with the Wormhole Exploit on the 2nd February 2022.”
Oasis further stated that the events of February 21 were only made possible by a vulnerability in the admin multi-sig access’s design that was previously undisclosed.
“We stress that this access was there with the sole intention to protect user assets in the event of any potential attack, and would have allowed us to move quickly to patch any vulnerability disclosed to us. It should be noted that at no point, in the past or present, have user assets been at risk of being accessed by any unauthorized party,” Oasis stated.
On February 21, the sender wallet responsible for executing the counter exploit was added to the Oasis Multisig as a signer, kicking off the process. The sender carried out five transactions to aid the counter exploits, after which it was deactivated from the Oasis Multisig as a signer.
The sender’s third transaction to Oasis Multisig contained the majority of the recovery process’s operations. The sender deceived the Oasis contracts to permit it to transfer the debt and collateral from the exploiter’s vaults to the sender’s own vaults.
The exploiter’s vaults were taken over, and an alleged Jump Crypto wallet transferred 80M DAI to the sender. The $218M of collateral was retrieved along with the open loans on the vault using these DAI.
The funds retrieved were subsequently transferred to the holder. It is still unknown if Oasis or Jump is the owner of the sender and holder.
The DAI repayment to get the collateral back was taken into account, and the net return from the counter-exploitation was about $140M. Given that Jump paid off the obligation to withdraw the collateral, the most likely scenario is that Jump is in charge of these addresses.
The exploiter behind the notorious Wormhole hack of February 2022 just got bamboozled, in what appears to be the result of a joint operation by Oasis.app and Jump Crypto.
Last February, hackers compromised Wormhole Bridge leading to 120,000 wETH loss from the platform, equivalent to $321 million. It was the largest DeFi attack of 2022 and the hacker swapped wETH tokens with Ethereum, SOL, USDC, APE, SX, etc.
Later, Wormhole rewarded a white hacker with $10 million for rectifying a bug in its core bridge contract on Ethereum just after its platform was compromised in the cyber attack.
Jump Crypto, a company involved in the creation of the Wormhole protocol, replaced those stolen funds. But it looks like the funds have now been retrieved as of three days ago.
Oasis published a blog post noting “On 21st February 2023, we received an order from the High Court of England and Wales to take all necessary steps that would result in the retrieval of certain assets involved with the wallet address associated with the Wormhole Exploit on the 2nd February 2022.”
Oasis further stated that the events of February 21 were only made possible by a vulnerability in the admin multi-sig access’s design that was previously undisclosed.
“We stress that this access was there with the sole intention to protect user assets in the event of any potential attack, and would have allowed us to move quickly to patch any vulnerability disclosed to us. It should be noted that at no point, in the past or present, have user assets been at risk of being accessed by any unauthorized party,” Oasis stated.
On February 21, the sender wallet responsible for executing the counter exploit was added to the Oasis Multisig as a signer, kicking off the process. The sender carried out five transactions to aid the counter exploits, after which it was deactivated from the Oasis Multisig as a signer.
The sender’s third transaction to Oasis Multisig contained the majority of the recovery process’s operations. The sender deceived the Oasis contracts to permit it to transfer the debt and collateral from the exploiter’s vaults to the sender’s own vaults.
The exploiter’s vaults were taken over, and an alleged Jump Crypto wallet transferred 80M DAI to the sender. The $218M of collateral was retrieved along with the open loans on the vault using these DAI.
The funds retrieved were subsequently transferred to the holder. It is still unknown if Oasis or Jump is the owner of the sender and holder.
The DAI repayment to get the collateral back was taken into account, and the net return from the counter-exploitation was about $140M. Given that Jump paid off the obligation to withdraw the collateral, the most likely scenario is that Jump is in charge of these addresses.
