Jump Crypto, a provider of Web3 infrastructure, and the decentralized finance (DeFi) platform Oasis.app have carried out a “counter exploit” against the Wormhole protocol hacker, recovering $225 million worth of digital assets and moving them to a secure wallet.
The Wormhole attack, which took place in February 2022, exploited a flaw in the protocol’s token bridge to siphon off roughly $321 million worth of Wrapped ETH (wETH).
Since then, the hacker has moved the stolen funds around using several Ethereum-based decentralized applications (dApps). More recently, they used Oasis to set up a Wrapped Staked ETH (wstETH) vault on January 23 and a Rocket Pool ETH (rETH) vault on February 11.
In a blog post on February 24, the Oasis.app team said that it had received an injunction from the High Court of England and Wales to recover some assets tied to the address associated with the Wormhole exploit. This confirmed that a counter-exploit had occurred.
How Jump Crypto & Oasis Pulled Off an Amazing Counter Exploit on a Hacker
According to the company, the retrieval was initiated by “the Oasis Multisig and a court-authorized third party,” which a previous article from Blockworks Research identified as Jump Crypto.
According to the transaction histories of both vaults, Oasis transferred 120,695 wstETH and 3,213 rETH to wallets under Jump Crypto’s management on February 21. Moreover, the hacker’s debt in MakerDAO’s DAI stablecoin, which totaled about $78 million, was recovered.
The blog post states,
“We can also confirm that, in accordance with the court ruling, the assets were instantly transferred to a wallet held by the approved third party. We no longer have access to or control over these assets.”
Addressing the detrimental implications of Oasis being able to retrieve cryptocurrency assets from its users’ vaults, the company underlined that this was only possible because of a previously undiscovered weakness in the design of the admin multi-sig access.
According to the report, white hat hackers discovered this vulnerability earlier this month.
“We want to emphasize that this access was only there to safeguard user assets from prospective attacks. It also gave us the opportunity to act rapidly to fix any vulnerabilities that were made known to us. It should be underlined that user assets have never been in danger of being accessed by an unauthorized party, either in the past or the present.”