On Saturday, Jump Crypto and Oasis.app announced that they had recovered 120,000 Ethereum (ETH) from last year’s Wormhole exploit, returning over $225 million worth of digital assets to a safe wallet.
The Wormhole exploits occurred on Oasis’ decentralised finance platform in February 2022. Hackers manipulated existing contracts to transfer massive amounts of collateral through a protocol bridge vulnerability.
Wormhole Cryptocurrency revealed that hackers exploited over 120,000 ETH after the attack. Estimates showed around $321 million was stolen at the time. The incident sparked a heated debate about the safety of digital currency, showcasing potential vulnerabilities in decentralised finance platforms.
The wormhole network was exploited for 120k wETH.
ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly.
We are working to get the network back up quickly. Thanks for your patience.
— Wormhole🌪 (@wormholecrypto) February 2, 2022
After the High Court of England and Wales ordered Oasis to retrieve the lost assets, the decentralised finance platform launched a counter-exploit against the hackers in collaboration with Jump Cryptocurrency, then referred to as an authorised third party.
Moving assets
Following the Wormhole exploits, the hacker evaded capture by moving assets around different vaults through several Ethereum-based decentralised applications.
Oasis discovered assets opened in Rocket Pool ETH (rETH) and Wrapped Staked ETH (wstETH). Per both vaults’ transaction histories, Oasis immediately transferred 3,213 rETH and 120,695 wstETH to a safe wallet in Jump Cryptocurrency’s control.
The team also found that the hacker collected over $78 million of debt from MakerDao’s DAI crypto stablecoin and successfully recovered the debt in retrieval efforts.
Both parties have yet to disclose how they retrieved the assets. However, Oasis’ blog post and vault transaction histories suggested that the team transferred stolen assets from outside vaults to a safe wallet.
So Oasis (@MakerDAO) upgraded a contract to steal the 120,000 ETH back from the Wormhole hacker and return it to Jump
Horrendous precedent
— Evanss6.eth (@Evan_ss6) February 24, 2023
The transfer was conducted immediately after identifying assets, implying the team had full access to private vaults. Yet, the crypto community raised concerns about user protection and privacy violations.
Oasis emphasised that the retrieval was made possible via an undetected vulnerability in administrative access. The platform assured users that it would take the appropriate measures to prevent future exploits or retrievals.