In a surprising turn of events, Jump Crypto and Oasis have reportedly worked together to recover the funds stolen in the infamous Wormhole attack of February 2022. The Wormhole bridge was attacked last year, resulting in the loss of approximately 120,000 ETH, which was valued at $325 million at the time. Jump Crypto, which was involved in the development of the Wormhole protocol, replaced the stolen funds with the aim of making the community members whole and supporting Wormhole.
Wormhole had offered a $10 million bug bounty and a white hat agreement to the hackers in exchange for returning the funds, but it seems that never happened. Dave Olsen, Jump Trading Group’s president and CIO, had previously stated that they were working closely with government and private resources to track down the hackers, and that this was a permanent condition.
According to a blockchain-based analysis by Blockworks Research, Jump Crypto and Oasis appear to have coordinated to counter-exploit an upgradable Oasis contract, thereby securing the stolen funds from the original Wormhole exploiter’s vaults. The exploiter had moved the stolen funds through various Ethereum applications, and had recently opened two Oasis vaults, creating a levered long position on two ETH staking derivatives. Both vaults used the automation services offered by Oasis.
The counter-exploit involved several wallets, each of which was defined and given an alias that was used throughout the analysis. The Oasis Multisig, which was a 4 of 12 multisig that owned the Oasis proxy contracts, was used in the process. The Holder currently holds the recovered funds and appears to be owned by Jump, while the Sender was responsible for executing the counter-exploit and appears to be owned by Jump as well.
The bulk of the recovery process was executed in the Sender’s third transaction to the Oasis Multisig. The Sender tricked the Oasis contracts into allowing it to move the collateral and debt from the exploiter’s vaults into the Sender’s own vaults. After taking control of the exploiter’s vaults, a wallet tagged Jump Crypto sent 80M DAI to the Sender, which was used to repay the open loans on the vault and withdraw the $218M of collateral. The recovered collateral was then sent to the Holder, where the funds currently reside.
It is currently unknown if the Sender and Holder are owned by Oasis or Jump, but the base case hypothesis is that Jump has control of these addresses, given that Jump paid down the debt to withdraw the collateral. Neither Jump nor Oasis has confirmed this.
Cross-chain bridge hacks have been responsible for many of the largest thefts in the crypto industry. While the ethics and legality of exploiting the exploiter may be debated, permissionless blockchains are proving to be exceptional tools for those fighting financial crime.
Jump Crypto declined to comment on the findings, and Oasis did not reply to a request for comment. However, Oasis released a statement following the publication of the article, noting that it had received an order from the High Court of England and Wales to take all necessary steps that would result in the retrieval of certain assets involved with the wallet address associated with the Wormhole Exploit on the 2nd February 2022. The assets were immediately passed onto a wallet controlled by the authorized third party, as required by the court order, and Oasis retains no control or access to these assets.
For now, it seems that Jump Crypto is $140 million better off than it was last week, and one hacker may be ruing the missed opportunity to secure $10 million and a Get Out of Jail Free card.
Read more:
- Binance And Huobi Freeze Accounts Containing $1.4 Million In Cryptoassets Linked To Harmony’s Horizon Bridge Hack Attributed To Lazarus Group
- Norwegian Authorities Set New Record In Cryptocurrency Seizure After Axie Infinity Hack