Web3 infrastructure company Jump Crypto and decentralized finance (DeFi) platform Oasis.app have carried out a “counter-exploit” on the Wormhole protocol hack, and the duo managed to recover $225 million worth of digital assets and transfer them to a safe wallet.
The Wormhole attack occurred in February 2022 and saw approximately $321 million worth of Wrapped ETH (wETH) siphoned off through a vulnerability in the protocol’s token bridge.
Since then, the hacker has shifted the stolen funds through various Ethereum-based decentralized applications (dApps) and, through Oasis, recently opened a Wrapped Staked ETH (wstETH) vault on Jan. 23 and a Rocket Pool ETH (rETH) vault on February 11.
In a blog post on February 24, the Oasis.app team confirmed that a counterattack had taken place, noting that it had “received an order from the High Court of England and Wales” to recover certain assets related to the “address associated with the Wormhole Exploit.”
The team stated that the recovery was initiated through “Oasis Multisig and a court-authorized third party,” which was identified as Jump Crypto in an earlier report by Blockworks Research.
Transaction history of both vaults indicates that 120,695 wstETH and 3,213 rETH were moved by Oasis on February 21 and placed in wallets under the control of Jump Crypto. The hacker also had around $78 million in debt in MakerDAO’s DAI stablecoin that was recovered.
“We can also confirm that the assets were immediately transferred to a wallet controlled by an authorized third party, as required by the court order. We do not retain control or access to these assets,” the blog post reads.
Referencing the negative implications of Oasis being able to recover crypto assets from its user vaults, the team emphasized that it was “only possible due to a previously unknown vulnerability in the design of multisig admin access.”
The post stated that said vulnerability was highlighted by white hat hackers earlier this month.
“We stress that this access was there with the sole intention of protecting user assets in the event of a potential attack, and would have allowed us to act quickly to patch any vulnerabilities that were disclosed to us. It should be noted that at no time, past or present, have user assets been at risk of being accessed by an unauthorized party.”