Jump Crypto Exploits Wormhole Hacker For $225M

Jump Crypto

Jump Crypto, a Web3 infrastructure company, and Oasis.app, a decentralized finance (DeFi) platform, have performed a counter-attack against the Wormhole protocol hacker, retrieving and transferring $225 million in digital assets to a secure wallet. Due to a flaw in the protocol’s token bridge, the February 2022 Wormhole attack resulted in the loss of about $321 million in Wrapped ETH (wETH).

Since then, the hacker has transferred the stolen assets through different Ethereum-based decentralized apps (dApps). Using Oasis, they built a Wrapped Staked ETH (wstETH) vault last month and a Rocket Pool ETH (rETH) vault early this month.

Jump Crypto Recovers $140M

In a blog post published on February 24, the Oasis.app team verified the occurrence of a counter-exploit and stated that it has obtained an order from the High Court of England and Wales to reclaim some assets tied to the address associated with the Wormhole exploit.

Oasis Multisig and a court-authorized third party, named Jump Crypto in a previous investigation by Blockworks Research, initiated the recovery. Transferred funds to secure wallets The transaction history of both vaults reveals that on February 21, Oasis transferred 120,695 wsETH and 3,213 rETH to wallets under the control of Jump Crypto. Moreover, about $78 million of MakerDao’s DAI stablecoin debt owed by the hacker was recovered.

According to the blog post, it can also be established that the assets were instantly moved, as required by the court order, to a wallet managed by an approved third party. It no longer has access to or controls these assets.

In reaction to the negative implications of Oasis’s ability to extract crypto assets from user vaults, the team emphasized that this was only possible because of a previously undiscovered flaw in the architecture of the admin multi-sig access.