Jump Crypto, a Web3 infrastructure provider, and Oasis.app, a decentralized finance (DeFi) platform, have carried out a “counter exploit” on the Wormhole protocol hacker. As a result, the pair has reclaimed $225 million worth of digital assets and moved them to a secure wallet.
The Wormhole hack took place in February 2022 and resulted in the theft of around $321 million worth of wrapped Ethereum (wETH) by exploiting a weakness in the token bridge of the protocol.
Since then, the hacker has transferred the stolen assets using a number of Ethereum-based decentralized services (DApps), such as Oasis, which has recently opened up vaults for wrapped stETH (wstETH) and Rocket Pool ETH (RETH).
The Oasis.app team confirmed the existence of a counter exploit in a blog post that was published on February 24. The post explained that the team had “received an order from the High Court of England and Wales” to retrieve certain assets that were associated with the “address associated with the Wormhole Exploit.”
According to the team, the recovery was started using “the Oasis Multisig and a court-authorized third party,” which was named as Jump Crypto in an earlier report from Blockworks Research. The report also indicated that the retrieval was successful.
According to the transaction histories of both vaults, Oasis transferred 120,695 wsETH and 3,213 rETH on February 21 and stored them in wallets that are controlled by Jump Crypto. The hacker was also found to have around $78 million worth of debt in the MakerDAO stablecoin known as Dai (DAI), which was returned.
“We are also able to certify that the assets were transferred without delay onto a wallet that is managed by the permitted third party, as the court ruling requested.” It is stated in the blog post that “we do not maintain any control or access to these assets.”
The company underlined that it was “only conceivable owing to a previously undiscovered weakness in the architecture of the admin multisig access,” in reference to the negative ramifications of Oasis being able to collect crypto assets from its user vaults.
According to the publication, a vulnerability of this kind had been brought to light earlier this month by hackers wearing white hats.
We would like to emphasize that this access was implemented with the express purpose of safeguarding user assets in the case of a possible attack, and that it would have enabled us to respond rapidly in order to fix any vulnerabilities that were brought to our attention. It is important to emphasize that the assets of the users have never been in danger of being accessed by an unauthorized third party, neither in the past nor in the present.