Oasis Network Help Jump Crypto ‘Exploit’ Wormhole Hacker

DeFi protocol Oasis Network said it helped Jump Crypto recover some of the stolen funds in the $300 million February 2022 wormhole exploit, according to a February 24 statement.

The platform revealed that it was acting based on an order from the High Court of England and Wales. Following the order, it helped retrieve certain assets from a crypto wallet linked to the Wormhole exploit.

According to Oasis, a whitehat group alerted the team to an unknown vulnerability in the design of the admin multi-sig access.

“The access was there solely for the purpose of protecting user assets in the event of a potential attack,” the team said. It added that there has been no unauthorized access to users’ assets ever before.

Jump Crypto had yet to release a statement on the incidents at press time.

How Oasis “exploited” the wormhole exploiter

Blockworks first broke the news of the counter-exploit. The media house reported that $225 million of the stolen funds were recovered.

According to Blockworks, the exploiter had stored the stolen funds in the Oasis vault, used them to borrow DAI, and then leveraged the DAI on rETH and wstETH. To maintain the security relationship, the exploiter used Oasis automated vaults.

It turned out that the vault contracts were upgradable, and Oasis could gain access to the vault by upgrading the smart contracts. Oasis added a sender wallet to its multi-sig on February 21 and upgraded the automation contract to a new proxy.

By doing this, the sender could perform the transactions to retrieve the funds and move the security from the vault to a new vault before it was removed from the multi-sig.

Meanwhile, mixed reactions have followed the event from the crypto community. While some consider the action justifiable, others believe it makes a mockery of DeFi.

A partner in MetaCartel Ventures DAO Adams Cochran so he doesn’t like the fact that “[Oasis] has a backdoor that allows them to seize assets from a user based on a court order.” Crypto investor Evanss6.eth said the actions set a “cruel precedent.”

Several members of the community also pointed out that the incident defeat the purpose of decentralization.

Disclaimer

All information on our website is published in good faith and for general information purposes only. Any action the reader takes on the information contained on our website is strictly at their own risk.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *