Would You like a feature Interview?
All Interviews are 100% FREE of Charge
Web3 Infrastructure Company Jump Crypto and Decentralized Finance (DeFi) Platform Oasis.app Perform “Counter Exploit” Against Wormhole Protocol Hackers, Recover $225 Million Worth of Digital Assets, Secure Wallet successfully transferred to
A wormhole attack occurred in February 2022, siphoning approximately $321 million worth of wrapped ETH (wETH) via a vulnerability in the protocol’s token bridge.
The hackers have since moved the stolen funds through various Ethereum-based decentralized applications (dApps), through Oasis, and recently on Jan. 23, into a Wrapped Stake ETH (wstETH) vault and Rocket Pool ETH (rETH ) opened a vault. February 11th.
In the blog on February 24th directorthe Oasis.app team has “received an order from the High Court of England and Wales” to acquire certain assets related to “addresses associated with the wormhole exploit”, outlining the counter-exploit. I have confirmed that
The team said the collection was initiated via “Oasis Multisig and a court-approved third party.” It was identified as Jump Crypto in a previous report from Blockworks Research.
Transaction history of both banks indicates 120,695 wsETH and 3,213 rETH moved It was issued by Oasis on February 21 and placed in a wallet under the control of Jump Crypto. The hacker also had about $78 million worth of debt in his DAI stablecoin on his MakerDao that was recovered.
“Also, by court order, we can confirm that the assets were immediately passed to a wallet managed by an authorized third party. We do not control or have access to these assets.” says the blog post.
Referring to the negative impact of allowing Oasis to retrieve cryptocurrencies from user vaults, the team stressed that “it was only possible due to a previously unknown vulnerability in the design of admin multisig access.” Did.
Related: DeFi Security: How Trustless Bridges Help Protect You
The post states that such a vulnerability was highlighted by a white hat hacker earlier this month.
“This access exists with the sole intent of protecting user assets in the event of a potential attack, emphasizing that we were able to move quickly to patch the disclosed vulnerabilities.” User Assets have never been or have been at risk of being accessed by unauthorized third parties.”
— Hoover (@0xfoobar) February 24, 2023
