Jump Crypto & Oasis.app counter exploits Wormhole hacker for $225M

Published at: Feb. 25, 2023

Web3 infrastructure firm Jump Crypto and decentralized finance (DeFi) platform Oasis.app have conducted a “counter exploit” on the Wormhole protocol hacker, with the duo managing to claw back $225 million worth of digital assets and transfer them to a safe wallet.

The Wormhole attack occurred in February 2022 and saw roughly $321 million worth of Wrapped ETH (wETH) siphoned via a vulnerability in the protocol’s token bridge.

The hacker has since shifted around the stolen funds through various Ethereum-based decentralized applications (dApps), and via Oasis, they recently opened up a Wrapped Staked ETH (wstETH) vault on Jan. 23, and a Rocket Pool ETH (rETH) vault on Feb. 11.

In a Feb. 24 blog post, the Oasis.app team confirmed that a counter exploit had taken place, outlining that it had “received an order from the High Court of England and Wales” to retrieve certain assets that related to the “address associated with the Wormhole Exploit.”

The team stated that the retrieval was initiated via “the Oasis Multisig and a court-authorized third party,” which was identified as being Jump Crypto in a preceding report from Blockworks Research.

Transaction history of both vaults indicates that 120,695 wsETH and 3,213 rETH were moved by Oasis on Feb. 21 and placed in wallets under Jump Crypto’s control. The hacker also had around $78 million worth of debt in MakerDao’s DAI stablecoin that was retrieved.

“We can also confirm the assets were immediately passed onto a wallet controlled by the authorized third party, as required by the court order. We retain no control or access to these assets,” the blog post reads.

Referencing the negative implications of Oasis being able to retrieve crypto assets from its user vaults, the team emphasized that it was “only possible due to a previously unknown vulnerability in the design of the admin multisig access.”

Related: DeFi security: How trustless bridges can help protect users

The post stated that such a vulnerability was highlighted by white hat hackers earlier this month.

“We stress that this access was there with the sole intention to protect user assets in the event of any potential attack, and would have allowed us to move quickly to patch any vulnerability disclosed to us. It should be noted that at no point, in the past or present, have user assets been at risk of being accessed by any unauthorized party.”

pic.twitter.com/NX1fclJs5V

— foobar (@0xfoobar) February 24, 2023
Tags
Related Posts
DAO Maker crowdfunding platform loses $7M in latest DeFi exploit
Hackers have stolen funds out of more than 5,000 user accounts with crowdfunding platform DAO Maker, a site aimed at raising money for crypto projects. According to a report from DAO Maker CEO Christoph Zaknun, hackers were able to remove roughly $7 million in USD Coin (USDC) from 5,251 user accounts at approximately 1:00 am UTC today. The platform said the attacker used a smart contract exploit to initially steal 10,000 USDC, then made 15 more transactions to acquire additional funds. "One of the reasons why this did happen is probably that the amount of deposits within the [Strong Holder …
Business / Aug. 12, 2021
Battle-hardened Ronin bridge reopens following $600M hack: Finance Redefined
Welcome to Finance Redefined, your weekly dose of key decentralized finance (DeFi) insights, a newsletter crafted to bring you some of the major developments over the last week. This past week, the DeFi ecosystem saw Axie Infinity’s Ronin bridge relaunch with a fully backed 1:1 Ether (ETH) nearly three months after the infamous $600 million hacks. MakerDAO plans to invest $500 million into United States Treasurys and bonds to weather the ongoing bear market. Polkadot (DOT) announced that they would transform their governance model to move towards complete decentralization. While decentralized autonomous organizations (DAOs) are seen as the future of …
Adoption / July 1, 2022
Transit Swap ‘hacker’ returns lion’s share of $23M in stolen funds: Finance Redefined
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. The TranitSwap hacker that got away with $23 million has returned 70% of the stolen funds. The return was possible due to quick actions from on-chain data analytic firms who managed to find the hacker’s IP address and other personal details. Another research report from Elliptic suggests that DeFi bridges and decentralized exchanges (DEX) have become a new frontier for crypto laundering. Bitcoin.com CEO Dennis Jarvis believes that Bitcoin can be a bridge that …
Adoption / Oct. 7, 2022
JP Morgan executes first DeFi trade on a public blockchain: Finance Redefined
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. The first week of November proved to be the institutionalization of DeFi markets as major international banks and financial institutions executed and completed their first DeFi transaction. The global financial giant JP Morgan completed its first-ever cross-border transaction using DeFi on a public blockchain with the help of the Monetary Authority of Singapore’s (MAS) Project Guardian. DBS Bank started a trading test of foreign exchange (FX) and government securities using permissioned DeFi liquidity pools. …
Nft / Nov. 4, 2022
December DeFi exploits were the lowest in 2022: Finance Redefined
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. The end of 2022 saw the least value of stolen funds from DeFi, with $62 million worth of exploits in December. While the figure might seem a relief given the multiple bridge hacks and hundreds of millions of dollars stolen this year, cybersecurity experts have warned that the ecosystem would see no decrease in exploits, flash loans or exit scams in 2023. Lido protocol overtook MakerDAO to have the highest total value locked (TVL) …
Blockchain / Jan. 6, 2023