Infrastructure company Web3 Jump Crypto and decentralized finance (DeFi) platform Oasis.app have carried out a “counter-attack” of the Wormhole protocol hacker, with which the duo has managed to recover $225 million in digital assets and transfer them to a secure wallet.
The Wormhole attack occurred in February 2022 and involved the siphoning of some $321 million worth of wrapped ETH (wETH) through a vulnerability in the protocol’s token bridge.
Since then, the hacker has moved the stolen funds through various Ethereum-based decentralized applications (dApps), and through Oasis, they recently opened a Wrapped Staked ETH (wstETH) vault on Jan. 23, and a Rocket Pool ETH ( rETH) on February 11.
In a February 24 blog post, the Oasis.app team confirmed that a counter-exploitation had occurred, stating that it had “received an order from the High Court of England and Wales” to recover certain assets related to the “address associated with the exploitation of the wormhole”.
The team stated that the recovery was initiated through “Oasis Multisig and a court-authorized third party,” which was identified as Jump Crypto in an earlier report by Blockworks Research.
The transaction history of both vaults indicates that 120,695 wsETH and 3,213 rETH were moved by Oasis on February 21 and placed in wallets under the control of Jump Crypto. The hacker also had around $78 million in debt on the MakerDao DAI stablecoin that was recovered.
“We can also confirm that the assets were immediately moved to a wallet controlled by the authorized third party, as required by court order. We do not retain any control or access to these assets,” the blog post read.
Referring to the negative implications of Oasis being able to recover crypto assets from its users’ vaults, the team stressed that it was “only possible due to a previously unknown vulnerability in the design of multisig admin access.”
The post claimed that said vulnerability was exposed by white hat hackers earlier this month.
“We insisted that this access was there for the sole purpose of protecting user assets in the event of any potential attack, and would have allowed us to move quickly to patch any vulnerabilities that were disclosed to us.” It should be noted that at no time, neither in the past nor in the present, have user assets been at risk of being accessed by any unauthorized party.”
— foobar (@0xfoobar) February 24, 2023
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.