Wormhole hacker moves another $46M of stolen funds

Published at: Feb. 13, 2023

The ill-gotten crypto from one of the industry’s largest exploits is on the move again, with on-chain data showing another $46 million of stolen funds has just shifted from the hacker’s wallet.

The Wormhole attack was the third largest crypto hack in 2022 resulting from an exploit of Wormhole’s token bridge in February 2022. Around $321 million of Wrapped ETH (wETH) was stolen.

According to blockchain security firm PeckShield, the hacker’s associated wallet has become active once again, moving d $46 million worth of crypto assets.

This was made up of around 24,400 of Lido Finance-wrapped Ethereum staking token (wstETH), worth approximately $41.4 million and 3,000 Rocket Pool Ethereum staking token (rETH), worth about $5 million, which was moved to MakerDAO.

The hacker appears to be seeking yield or arbitrage opportunities on their stolen loot as the assets were exchanged for 16.6 million DAI, PeckShield reported.

The MakerDAO stablecoin was then used to buy 9,750 ETH priced at around $1,537 and 1,000 stETH. These were then wrapped back into 9,700 wstETH.

#PeckShieldAlert The Wormhole Network Exploiter 0x629e supplied $46M worth of cryptos, including 24.4k $wstETH ($41.4M) & 3k $rETH (~$5M), to MakerDAO for 16.6M $DAI & used them to buy 9.75k $ETH ($ETH at $1,537) & 1k $stETH ($ETH at $1,543), then wrapped them for ~9.7k $wstETH pic.twitter.com/BRfygHgpit

— PeckShieldAlert (@PeckShieldAlert) February 12, 2023

On Feb. 10, an on-chain sleuth observed that the hacker was “buying the dip.”

However, the price of Ethereum has since fallen below those levels over the past few hours. At the time of writing, ETH was trading down 2.6% on the day at $1,505 according to CoinGecko.

At the time of the transfers, stETH prices depegged from Ethereum and climbed as high as $1,570. They’re currently trading 2.4% higher than ETH at $1,541. Furthermore, wstETH also has depegged and rose to $1,676, 11.3% higher than the underlying asset.

Related: Crypto exploit losses in January see nearly 93% year-on-year decline

The latest funds movement comes only a few weeks after the hacker moved another $155 million worth of Ethereum to a decentralized exchange on Jan. 24.

95,630 ETH was sent to the OpenOcean DEX and then subsequently converted into ETH-pegged assets including Lido’s stETH and wstETH.

Tags
Related Posts
Solana and Arbitrum knocked offline, while Ethereum evades attack
Surging Ethereum rival, Solana (SOL), has shed 15% of its value over the past 24 hours after suffering a denial-of-service disruption. On Tuesday at 12:38 pm UTC, Twitter account Solana Status announced that Solana’s mainnet beta had been suffering intermittent instability over a 45-minute period. Six hours after announcing the incident, Solana Status explained that a large increase in transaction load to 400,000 per second had overwhelmed the network, created a denial-of-service, and caused the network to start forking. 1/ Solana Mainnet Beta encountered a large increase in transaction load which peaked at 400,000 TPS. These transactions flooded the transaction …
Technology / Sept. 15, 2021
OpenSea planned upgrade stalls as phishing attack targets NFT migration
Just yesterday, OpenSea announced a smart contract upgrade, which requires users to migrate their listed NFTs from Ethereum (ETH) blockchain to a new smart contract. As a direct result of the upgrade, users that don't migrate over from Ethereum risk losing their old, inactive listings — which currently require no gas fees for migration. Major nonfungible token (NFT) marketplace OpenSea has reportedly fallen victim to an ongoing phishing attack within hours after announcing a week-long planned upgrade to delist inactive NFTs on the platform. However, the urgency and short deadline opened up a small window of opportunity for hackers. Within …
Adoption / Feb. 20, 2022
‘Unlucky’: Agave and Hundred Finance DeFi protocols exploited for $11M
A hacker has made off with approximately $11 million in Wrapped ETH, Wrapped BTC, Chainlink, USDC, Gnosis, and Wrapped XDAI after using a “re-entrancy” attack on DeFi lending protocol applications Agave and Hundred Finance. The attack comes within 24 hours of news breaking of the Deus Finance exploit, where hackers stole over $3 million in Dai and Ethereum from the lending contract platform. Agave’s token, AGVE, dropped by 20 per cent following the attack, according to data from CoinGecko. Hundred Finances’ token HND fell 3.5 per cent after it announced the exploit, however it’s since recovered to hit a 24-hour-high. …
Blockchain / March 16, 2022
Infamous North Korean hacker group identified as suspect for $100M Harmony attack
The Lazarus Group, a well-known North Korean hacking syndicate, has been identified as the primary suspect in the recent attack that saw $100 million stolen from the Harmony protocol. According to a new report published Thursday by blockchain analysis firm Elliptic, the manner in which Harmony’s Horizon bridge was hacked and the way in which the stolen digital assets were consequently laundered bears a striking resemblance to other Lazarus Group attacks. “There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen …
Blockchain / June 30, 2022
Fake Ethereum Denver website linked to notorious phishing wallet
A fake website of the popular Ethereum Denver conference is the latest phishing target of a red-flagged smart contract that has stolen over $300,000 worth of Ether (ETH). The popular conference saw its website duplicated by hackers this week in order to trick users into connecting their MetaMask wallets. According to Blockfence, which identified the fraudulent website, the smart contract has accessed more than 2800 wallets and has stolen over $300,000 over the past six months. Another day, another scam. This time the scammer targeted the @EthereumDenver website. Blockfence is here to protect you and fight scammers together: The scam …
Ethereum / Feb. 20, 2023