The Solana-based Wormhole Bridge was hacked for 5 million after the attacker managed to exploit a security flaw, making it one of the largest exploits in crypto history. A year later, a group of white hats, along with two crypto firms, launched a “counter-exploit” against the malicious entities and clawed back a portion of stolen assets tied to the exploit. “Counter Exploit” The counter exploit was jointly conducted by the decentralized finance platform Oasis and Web3 infrastructure company Jump Crypto. The latter was Wormhole’s parent company and had previously replaced all the lost funds. The vulnerability was also patched. Wormhole offered a million bug bounty and white hat agreement to the attackers in exchange for returning the funds, which never transpired.
Topics:
Chayanika Deka considers the following as important: AA News, defi, Hacking, social
This could be interesting, too:
Wayne Jones writes Bad News for Crypto? Elizabeth Warren to Succeed Sherrod Brown on House Banking Committee
Martin Young writes Ethereum’s Modular Strategy: Short-Term Pain, Long-Term Gain, Says Research
Wayne Jones writes DOJ Seeks M in Crypto from Binance Over FTX Bribery Allegations Involving SBF
Chayanika Deka writes Bitcoin Wallet Awakens After 13 Years, Transfers .67M Amid Market Surge
The Solana-based Wormhole Bridge was hacked for $325 million after the attacker managed to exploit a security flaw, making it one of the largest exploits in crypto history.
A year later, a group of white hats, along with two crypto firms, launched a “counter-exploit” against the malicious entities and clawed back a portion of stolen assets tied to the exploit.
“Counter Exploit”
The counter exploit was jointly conducted by the decentralized finance platform Oasis and Web3 infrastructure company Jump Crypto. The latter was Wormhole’s parent company and had previously replaced all the lost funds. The vulnerability was also patched.
Wormhole offered a $10 million bug bounty and white hat agreement to the attackers in exchange for returning the funds, which never transpired. This kicked off an investigation with the help of both government and private resources. Fast forward to 21st February, Oasis received an order from the High Court of England and Wales to take all necessary steps to retrieve assets involved with the wallet address associated with the exploit.
According to a report, $140 million worth of assets were successfully recovered following a counter-exploit. The retrieval was initiated via the Oasis Multisig, and the funds were returned to a court-authorized third party. The counter exploit was only possible with the approval of the Oasis Multisig.
Community Reaction
Despite the retrieval, the community remained divided as the incident unfolded over the weekend. One user pointed out that the entire event sets a bad precedent in the decentralized finance ecosystem. His tweet read,
“w/r/t this Oasis/Wormhole counter exploit that I really didn’t think we’d see court-mandated smart contract manipulation for at least a few more years. Bad precedent and condemnation of upgradable proxies.”
Oasis, however, stressed that the sole intention for granting access was to protect user assets in the event of any potential attack. The platform further asserted that this move allowed the team to quickly fix any vulnerability. It should be noted that at no point, in the past or present, have user assets been at risk of being accessed by any unauthorized party.