Oasis ‘Counter Exploits’ Wormhole Hacker to Retrieve $225M on Court Order

The DeFi platform retrieved the funds due to a previously unknown vulnerability in the design of the admin multisig access.

A skeleton fishing a sandworm out of a green lake.
  • Oasis received an order from the High Court of England and Wales to retrieve the funds from an address associated with the Wormhole exploit.
  • The DeFi platform retrieved $225 million with the help of a whitehat hacker group.
  • The whitehat hacker group exploited a previously unknown vulnerability in the design of the admin multisig access to retrieve the funds.

Oasis, a decentralized finance (DeFi) platform, has retrieved the stolen funds associated with the Wormhole exploit.

Wormhole, a bridge on Solana, got exploited for around $326 million worth of wrapped ether (WETH) on February 2. The hacker then moved the stolen funds through various DeFi platforms, including Oasis.

But the hacker didn’t go too far. In a blog post on Friday, Oasis said it received an order from the High Court of England and Wales to retrieve funds from an account associated with the Wormhole exploit. 

Sponsored

The DeFi platform retrieved $225 million in stolen funds thanks to a whitehat hacker group that essentially “counter-exploited” the Wormhole hacker. The group, which according to Blockworks Research is Jump Crypto, offered its help by exposing a previously unknown vulnerability in the design of the admin multisig access.

However, Oasis said there are no other vulnerabilities in the protocol and that user assets are always safe and no unauthorized party can access them.

“We stress that this access was there with the sole intention to protect user assets in the event of any potential attack, and would have allowed us to move quickly to patch any vulnerability disclosed to us. It should be noted that at no point, in the past or present, have user assets been at risk of being accessed by any unauthorized party.”

Oasis said that it immediately sent the retrieved funds to a wallet controlled by the authorized third party, as required by the court order, and that it has no control over them.

On the Flipside

  • Some industry observers were worried about Oasis’ ability to upgrade the contract to comply with the law.

Why You Should Care

It’s encouraging to see justice served to crypto hackers. However, users should also be aware that some decentralized finance platforms seem to have the ability to upgrade their smart contracts to favor one side over the other. Users should always do their own research before choosing where to trade and invest.

Sponsored

Read more about recent crypto hacks:

Millions from Axie Infinity Hack Recovered by FBI and Norwegian Authorities

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Arturas Skur

Arturas Skur is a cryptocurrency news reporter at DailyCoin who covers Web 3.0 domains, DeFi, and Ethereum Layer-2s. With over five years of experience in journalism and public relations, Arturas brings his critical thinking and analytical abilities to deliver insightful news stories. In his free time, he enjoys hiking, playing with his dog, and reading.