Jump Crypto & Oasis.app counter-exploit Wormhole hacker for $225M

Web3 infrastructure firm Jump Crypto and decentralized finance (DeFi) platform Oasis.app have performed a “counter-exploit” against the Wormhole protocol hacker, recovering $225 million worth of digital assets and transferring them to a secure wallet.

The Wormhole attack took place in February 2022 and saw approximately $321 million worth of Wrapped ETH (wETH) stolen via a vulnerability in the protocol’s token bridge.

The hacker has since moved the stolen funds through various Ethereum-based decentralized applications (dApps). Via Oasis, they recently opened a Wrapped Staked ETH (wstETH) vault on January 23rd and a Rocket Pool ETH (rETH) vault on February 11th.

In a blog post on February 24, the Oasis.app team confirmed that a counter-exploit had taken place, stating that they had “received an order from the High Court of England and Wales” to retrieve certain assets related to “the address associated with the Wormhole exploit.”

The team stated that the retrieval was initiated via “Oasis Multisig and a legally authorized third party,” which was identified as Jump Crypto in an earlier report by Blockworks Research.

Transaction history for both vaults indicates that 120,695 wstETH and 3,213 rETH were moved by Oasis on February 21st and placed into wallets under Jump Crypto’s control. The hacker also owed about $78 million worth of MakerDAO’s DAI stablecoin that was taken.

“We can also confirm that the assets were immediately transferred to a wallet controlled by the authorized third party, as required by the court order. We retain no control or access to these assets,” the blog post said.

Referring to the negative implications of Oasis being able to retrieve cryptoassets from user vaults, the team emphasized that it was “only possible due to a previously unknown vulnerability in the design of the admin multisig access.”

The post stated that such a vulnerability was highlighted by white hat hackers earlier this month.

“We emphasize that this access was there solely for the purpose of protecting user assets in the event of a potential attack, and would have enabled us to move quickly to remediate any vulnerabilities disclosed to us. It should be noted that at no time, past or present, has it been in danger of being accessed by any unauthorized parties.”
