Wormhole hacker suddenly becomes active, moves $46M of stolen funds

Posted on February 10, 2023 at 8:33 PM

Wormhole hacker suddenly becomes active, moves $46M of stolen funds

The attacker behind the Wormhole exploit has moved an additional $46 million worth of stolen crypto assets. The wormhole exploit was one of the largest attacks in the cryptocurrency industry. The exploit happened in February 2022, with around $321 million worth of wrapped Ether being stolen by the hackers.

Wormhole attacker moves $46 million worth of stolen funds

A report by the blockchain security company PeckShield noted that the wallet addresses associated with the Wormhole attacker had been activated. The wallet had transferred $46 million worth of crypto assets in the recent transaction.

The crypto assets moved by the attacker include 24,400 wrapped Ethereum staking tokens (wstETH) that Lido Finance issues. These tokens are worth around $41.4 million. The attacker also transferred 3000 Rocket Pool Ethereum staking tokens (rETH) valued at around $5 million. These funds were transferred to the MakerDAO platform.

The Peckshield report also noted that the attacker might be looking for an opportunity to generate yield or arbitrate opportunities on the stolen assets. This was because the assets were later traded for 16.6 million DAI. DAI is the native stablecoin for one of the largest decentralized finance (DeFi) platforms, MakerDAO.

The DAI stablecoin was later used to purchase 9,750ETH. The hacker bought Ether at $1,537 and later bought 1,000 stETH. These tokens were later converted to 9,700 wrapped Ethereum staking tokens.

The transfer of funds by the attacker comes days after an on-chain investigator noted that the hacker also seemed to be buying the crypto dip. However, Ether has been bearish in the last 24 hours, with the token falling below the price at which the hacker purchased it. In the last 24 hours, ETH has declined by 2.4% to trade at $1,504 at the time of writing, according to data from CoinGecko.

When the hacker made these transfers, the prices of stETH had depegged from ETH and gained to around $1,570. However, stETH had reclaimed its peg with Ether at the time of writing, with only a 0.1% discount. On the other hand, wstETH also lost its peg against ETH. wstETH is yet to reattain its peg, and at the time of writing, it was trading at $1,670, notably higher than the underlying asset.

The latest transfer of funds by the attacker comes a few weeks after the threat actor transferred an additional $155 million worth of Ether to a decentralized storage platform. Towards the end of last month, the hacker transferred 95,630 ETH to the OpenOcean decentralized exchange and later converted these assets into ETH-pegged assets such as the Lido stETH and wstETH.

The Wormhole bridge attack

The attack on the Wormhole token bridge happened in February last year. The attack led to the loss of around $321 million worth of wrapped Ether. Wormhole is a bridge that aids users in transferring crypto assets between different blockchains such as Avalanche, BNB Chain, Ethereum, Oasis, Polygon, Solana, and Terra without having to use a centralized exchange.

The attack happened on the Solana side of the Wormhole bridge. At the time of the breach, the Wormhole team assured users that the Ether supply would be restored to ensure that wrapped Ether reattains its 1:1 peg.

During this exploit, the hacker minted 120,000 wETH on the Solana side of the bridge. They later redeemed 93,750 wETH, valued at $254 million on the Ethereum side of the bridge. The hacker quickly used the stolen funds to acquire multiple digital assets, including a Bored Ape Yacht Club (BAYC) NFT.

This exploit could be attributed to the latest decision by Andreessen Horowitz’s a16z to oppose the deployment of Uniswap v3 on the BNB Chain. The venture capital firm had prompted the use of one of the companies within its portfolio, LayerZero, to be used as a cross-chain bridge. The a16z team raised issues about the security of the Wormhole bridge.

One of the partners at a16z, Porter Smith, said, “we do not believe Wormhole offers the most secure or decentralized bridging option.” A16z used 15 million tokens to vote against the proposal, but this did not prevent it from passing.

The vote was closed on Friday 10, and it passed with 66% of the respondents voting in favor of using Wormhole, with 34% opposing the proposal. Uniswap is now rushing to deploy its v3 platform on BNB Chain before April 1. Uniswap v3 is currently available on Ethereum and other blockchains.

Wormhole hacker suddenly becomes active, moves $46M of stolen funds
Article Name
Wormhole hacker suddenly becomes active, moves $46M of stolen funds
The Wormhole hacker has moved $46M worth of stolen funds. The moved funds include 24,400 wstETH and 3000 rETH. The funds were moved to MakerDAO.
Publisher Name
Publisher Logo

Share this:

Related Stories:


Get the latest stories straight
into your inbox!


Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading