In a “counter exploit” against the Wormhole protocol hacker, Web3 infrastructure company Jump Crypto and decentralized finance (DeFi) platform Oasis.app were successful in recovering $225 million worth of digital assets and moving them to a secure wallet.
In the Wormhole assault, which took place in February 2022, a flaw in the protocol’s token bridge allowed for the theft of around $321 million worth of Wrapped ETH (wETH).
Via different Ethereum-based decentralized apps (dApps), the hacker has subsequently moved the stolen cash around. With Oasis, they recently built up a Wrapped Staked ETH (wstETH) vault on January 23 and a Rocket Pool ETH (rETH) vault on February 11.
The Oasis.app team said that it had “received an injunction from the High Court of England and Wales” to recover some assets tied to the “address associated with the Wormhole Exploit” in a blog post on February 24. This verified that a counter exploit had occurred.
According to the company, the recovery was started by “the Oasis Multisig and a court-authorized third party,” who was later revealed to be Jump Crypto in a previous article by Blockworks Research.
According to the transaction histories of both vaults, Oasis transferred 120,695 wsETH and 3,213 rETH to wallets under Jump Crypto’s management on February 21. Moreover, MakerDao’s DAI stablecoin debt owed by the hacker totaled around $78 million and was recovered.
“We can also confirm that, in accordance with the court ruling, the assets were instantly transferred to a wallet held by the approved third party. The blog post states that we no longer have access to or control over these assets.
The company underlined that it was “only conceivable owing to a previously undiscovered weakness in the architecture of the admin multisig access,” referring to the negative ramifications of Oasis being able to collect cryptocurrency assets from its user vaults.
According to the report, white hat hackers discovered this vulnerability earlier this month.
“We want to emphasize that this access was only there to safeguard user assets from prospective attacks. It also gave us the opportunity to act rapidly to fix any vulnerabilities that were made known to us. It should be underlined that user assets have never been in danger of being accessed by unauthorized parties, either in the past or the present.
