The recent counterattack was conducted by Jump Crypto and Oasis. app against a Wormhole protocol hacker managed to recover their digital assets worth $225 million. This recovery has successfully helped attain 70% of the hacked assets, which were later transferred and stored in a safe wallet.
What is the Wormhole attack?
Wormhole is a cross-chain token bridge that helps interact with blockchains like Binance Smart Chain, Ethereum, Solana, Terra, Polygon, Oasis, and Avalanche. However, on 2nd February 2022, Wormhole witnessed the largest DeFi attack of 2022.
Following the attack, the hacker managed to get away with 120,000 wETH tokens that belonged to the Wormhole platform. The estimated value of the lost tokens was approximately $321 million. Moreover, this attack is also considered the second-largest attack on the DeFi industry since its inception.
What Happened After the Wormhole attack?
After the unfortunate Wormhole attack, the hacker stored 432,662 Solana tokens worth nearly $44 million in a separate wallet. In addition, to drain the crypto funds, the hacker filled its wallet with multiple crypto tokens like Meta Capital, SportX, Bored Ape Yacht Club Token, and Karma.
The attacked bridge was one-sided, so the hack could only exploit the Solana bridge’s vulnerability. Also, all other blockchain bridges were considered safe from such attacks. The Wormhole team also temporarily stopped the wETH redeems to fix the issue.
Finally, the Wormhole contacted the hacker using the Ethereum address, asking to return the funds. Moreover, the team members also offered a $10 million reward to the hacker as a bug bounty.
How did Jump Crypto and Oasis.app Recover the Digital Assets?
After a continuous effort lasting over a year, Jump Crypto and Oasis reportedly recovered a major part of the digital assets lost during the Wormhole hacking. The recovered assets include 3.21k rETH and 120.69k wstETH tokens, valued at around $225 million based on the current crypto market price.
The Oasis team confirmed the counterattack by posting a blog post on 24th February 2023. This post mentioned that they took this initiative following the official order issued by the High Court of England and Wales. The High Court provided the permission to execute the necessary steps to help retrieve the assets stolen in February 2022.
Oasis started to conduct its counter-exploit mechanism on 21st February 2023. This mechanism was conducted completely based on the court’s instructions and with the support of a third party authorized by the court. The wallets that the recovered funds were transferred to are completely under the control of Jump Crypto.
While tracking the Wormhole exploiter, it was found that the hacker has frequently shuffled the stolen crypto assets. To do so, the hacker used numerous Ethereum-based DApps. However, the exploiter held assets in two Oasis vaults. The first vault, a wstETH vault, was reportedly opened in January 2023, and the next vault, an rETH vault, was opened in February 2023.
The exploiter used these vaults to borrow DAI tokens to take positions on ETH staking derivatives. By 16th February 2023, the hacker drew a DAI debt worth $78 million against a collateral of $220 million. Simply put, These two prominent vaults used Oasis-supported automation services. While executing the counterattack, the Oasis team redeemed the funds in these two vaults.
The complete counterattack was conducted using several different wallets. These wallets also come with a defined address and name for easier identification, such as Holder (0x5f), Oasis Multisig (0x85), Sender (0x04), Jump1 (0xf8), and Jump2 (0xf5).
Finally, the Oasis team also addressed the vulnerability in accessing users’ funds following the recovery of Wormhole assets. Moreover, the team mentioned that this issue is taken seriously to protect user assets.