- Jump Crypto recaptured 120k ETH lost in the Wormhole hack.
- Exploiter upgraded automation contract to steal funds.
- Wormhole offered a $10m reward for surrendering the funds, which didn’t happen.
According to recent reports by Chinese journalist Collin Wu, Jump Crypto, a worldwide pioneer in web3 infrastructure development and investment, has recaptured the 120k ETH lost in the Wormhole hack last year.
Breaking: Jump Crypto has recovered the 120,000 ETH stolen during the 2022 Wormhole exploit. The Sender tricked the Oasis contracts into allowing it to move the collateral and debt from the Exploiter’s vaults into the Sender’s own vaults. Oasis said the assistance was requested… https://t.co/GE6lBksr97
The assertions imply that the Sender shifted the Collateral and Debt from the Vaults of the Exploiter to his Vaults by modifying the Oasis contracts. Jump Crypto, however, successfully recovered the stolen ETH with the help of Oasis, who the court had summoned.
Additionally, it was discovered by Blockworks Research that the Sender had transferred the collateral and debt from vault 30100 to a different vault by upgrading the automation contract to a new proxy that granted him access.
To quickly summarize this transaction, the Sender upgraded the automation contract to a new proxy that allowed the Sender to move the collateral and debt from vault 30100 into a new vault that the Sender controlled – out of the Exploiter’s control.
— Blockworks Research (@blockworksres) February 24, 2023
Nonetheless, the exploiter made a grave error by letting the multisign automation contract access vault 30100. The counter-exploit was achievable with the complete control made attainable by updating the AutomationExecutor proxy contract.
On the other hand, Wormhole offered the hackers a $10 million bug reward and a white hat agreement in consideration for surrendering the funds. It never took place.
Jump Crypto did not state the results, while Oasis did not respond to an inquiry. Nevertheless, Oasis did issue a statement in the wake of the Wormhole hack’s recovery process.
Further, Oasis confirmed that they had no access nor control over these assets as they were immediately passed onto a wallet controlled by the authorized third party, as required by the court order.