CryptoMagazine
    What's Hot

    Evertwine To Launch A New Free-to-Play Blockchain TCG Game and NFT Ecosystem

    2023-02-26

    The Ultimate Impact of Blockchain Technology on Global Finance

    2023-02-26

    Solana Blockchain hit by hours-long network slowdown and technical problems

    2023-02-26
    Facebook Twitter Instagram
    LinkedIn Facebook Twitter YouTube Discord Telegram BlogLovin
    CryptoMagazineCryptoMagazine
    화요일, 3월 21
    • #FTX
    • Daily News
    • Short News
    • Editor’s Pick
    • Project Review
    • Crypto
    • Defi
    • Game
    • NFT
    • Metaverse
    • Etc
    • Learn
    CryptoMagazine
    Home»Defi»Jump Crypto and Oasis.app ‘counter exploits’ Wormhole hacker for $225M
    Defi

    Jump Crypto and Oasis.app ‘counter exploits’ Wormhole hacker for $225M

    ICARUSBy ICARUS2023-02-26댓글 없음2 Mins Read
    LinkedIn Facebook Twitter Telegram Email
    #image_title
    Share
    LinkedIn Facebook Twitter Telegram Email


    Web3 infrastructure firm Jump Crypto and decentralized finance (DeFi) platform Oasis.app have conducted a “counter exploit” on the Wormhole protocol hacker, with the duo clawing back $225 million of digital assets and transferring them to a safe wallet.

    The Wormhole attack occurred in February 2022, with roughly $321 million worth of wrapped ETH (wETH) exploited via a vulnerability in the protocol’s token bridge.

    The hacker has since moved the stolen funds through various Ethereum-based decentralized applications (DApps), such as Oasis, which recently opened up wrapped stETH (wstETH) and Rocket Pool ETH (RETH) vaults.

    In a Feb. 24 blog post, the Oasis.app team confirmed that a counter exploit had taken place, outlining that it had “received an order from the High Court of England and Wales” to retrieve certain assets related to the “address associated with the Wormhole Exploit.”

    The team stated that the retrieval was initiated via “the Oasis Multisig and a court-authorized third party,” which was identified as Jump Crypto in a preceding report from Blockworks Research.

    Both vaults’ transaction history indicates that Oasis moved 120,695 wsETH and 3,213 rETH on Feb. 21 and placed in wallets under Jump Crypto’s control. The hacker also had around $78 million debt in MakerDAO’s Dai (DAI) stablecoin, which was retrieved.

    “We can also confirm the assets were immediately passed onto a wallet controlled by the authorized third party, as required by the court order. We retain no control or access to these assets,” the blog post reads.

    @spreekaway tweet on the counter exploit. Source: Twitter

    Referencing the negative implications of Oasis being able to retrieve crypto assets from its user vaults, the team emphasized that it was “only possible due to a previously unknown vulnerability in the design of the admin multisig access.”

    Related: DeFi security: How trustless bridges can help protect users

    The post stated that such a vulnerability was highlighted by white hat hackers earlier this month.

    “We stress that this access was there with the sole intention to protect user assets in the event of any potential attack, and would have allowed us to move quickly to patch any vulnerability disclosed to us. It should be noted that at no point, in the past or present, have user assets been at risk of being accessed by any unauthorized party.”

    pic.twitter.com/NX1fclJs5V

    — foobar (@0xfoobar) February 24, 2023