{"id":542829,"date":"2023-01-24T08:42:40","date_gmt":"2023-01-24T05:42:40","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/wormhole-hacker-moves-155m-in-biggest-shift-of-stolen-funds-in-months\/"},"modified":"2023-01-24T08:42:40","modified_gmt":"2023-01-24T05:42:40","slug":"wormhole-hacker-moves-155m-in-biggest-shift-of-stolen-funds-in-months","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/wormhole-hacker-moves-155m-in-biggest-shift-of-stolen-funds-in-months\/","title":{"rendered":"# Wormhole hacker moves $155M in biggest shift of stolen funds in months"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a4137223f4a5\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a4137223f4a5\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/wormhole-hacker-moves-155m-in-biggest-shift-of-stolen-funds-in-months\/#%E2%80%9D_Wormhole_hacker_moves_155M_in_biggest_shift_of_stolen_funds_in_months_%E2%80%9C\" >&#8221; Wormhole hacker moves $155M in biggest shift of stolen funds in months &#8220;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Wormhole_hacker_moves_155M_in_biggest_shift_of_stolen_funds_in_months_%E2%80%9C\"><\/span>&#8221; Wormhole hacker moves $155M in biggest shift of stolen funds in months &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div class=\"post-content\" data-v-5a4050f8>The hacker behind the $321 million Wormhole bridge attack has shifted a large chunk of stolen funds, with transaction data showing that $155 million worth of Ether (ETH) was transferred to a decentralized exchange (DEX) on Jan 23. <\/p>\n<p>The Wormhole hack was the third largest crypto hack in 2022, after the protocol\u2019s token bridge suffered an exploit on Feb. 2, 2022, that resulted in the loss of 120,000 Wr<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ed ETH (wETH) around worth $321 million.<\/p>\n<p>According to the transaction <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/txs?a=0x629e7da20197a5429d30da36e77d06cdf796b71a&amp;p=1\">history<\/a> of the hacker\u2019s alleged wallet address, the latest activity shows that 95,630 ETH was sent to the OpenOcean DEX and then subsequently converted into ETH-pegged assets such as Lido Finance\u2019s staked ETH (stETH) and wrapped staked (wstETH). <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/CertiKSkynetAlert?src=hash&amp;ref_src=twsrc%5Etfw\">#CertiKSkynetAlert<\/a> <\/p>\n<p>We are seeing address \u200b\u200b0x629e\u2026 Wormhole Network Exploiter swap 95,630 Ether (~$155M) to stETH <\/p>\n<p>Stay safe! <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/ZR6zxlRuKX\">pic.twitter.com\/ZR6zxlRuKX<\/a><\/p>\n<p>\u2014 CertiK Alert (@CertiKAlert) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/CertiKAlert\/status\/1617614595027308568?ref_src=twsrc%5Etfw\">January 23, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>Digging into the transaction history further, crypto community members such as @spreekaway also highlighted that the hacker went on to conduct a slew of odd looking transactions. <\/p>\n<p>For example, the hacker used their stETH holdings as collateral to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/tx\/0xbb0dee4a7f682dc5d8778c0f842b25f937f02663f6b3764813abac72956c31ae\">borrow<\/a> 13 million worth of the DAI stablecoin, before swapping it out for more stETH, wrapping into stETH again and then borrowing some more DAI. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Wormhole exploiter has converted his ETH to wstETH and is going to borrow DAI against it it seems. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/9rhERSMG5u\">pic.twitter.com\/9rhERSMG5u<\/a><\/p>\n<p>\u2014 Spreek (@spreekaway) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/spreekaway\/status\/1617608174135312385?ref_src=twsrc%5Etfw\">January 23, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Notably, the Wormhole team has taken the opportunity to once again offer the hacker a bounty of $10 million if they return all the funds, after it left an embedded message conveying such in a transaction via the Wormhole: Deployer. <\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-01\/ccd48904-c438-4859-a814-349d8a3d0615.png\"><figcaption style=\"text-align: center;\"><em>Embedded message: Etherscan<\/em><\/figcaption><\/figure>\n<p>The hacker\u2019s hefty ETH transaction appears to have had a direct impact on the price of stETH according to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/dune.com\/mtgypes\/stetheth\">data<\/a> from Dune Analytics. The asset\u2019s price went from slightly under peg of 0.9962 ETH on Jan. 23, to as high as 1.0002 ETH the following day, before dropping back to 0.9981 at the time of writing.<\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>North Korea&#8217;s Lazarus Group masterminded $100M Harmony hack: FBI confirms<\/em><\/strong><\/p>\n<p>With the Wormhole hack likely to catch more attention in light of the latest incident, blockchain security firms such as Ancilia, Inc. warned on Jan. 19 that searching the keywords \u201cWormhole Bridge\u201d in Google is currently showing promoted ad websites that are actually phishing operations. <\/p>\n<p>The community has been warned to be diligent on what they are clicking on relating to this term. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/phishing?src=hash&amp;ref_src=twsrc%5Etfw\">#phishing<\/a> alert When you search &#8220;wormhole bridge&#8221; in Google, many of the &#8220;ad&#8221; entries are actually phishing site. E.g.<br \/>hxxps:\/\/wormholebridge-multichain.com\/<br \/>hxxps:\/\/portaltoken-wormholebridge.com. Be careful about what you click and stay safe! <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/C6JW2xeaUh\">pic.twitter.com\/C6JW2xeaUh<\/a><\/p>\n<p>\u2014 Ancilia, Inc. (@AnciliaInc) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/AnciliaInc\/status\/1615967029852524550?ref_src=twsrc%5Etfw\">January 19, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><template data-name=\"subscription_form\" data-type=\"markets_outlook\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/wormhole-hacker-moves-155m-in-biggest-shift-of-stolen-funds-in-months\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Wormhole hacker moves $155M in biggest shift of stolen funds in months &#8220; The hacker behind the $321 million Wormhole bridge attack has shifted a large chunk of stolen funds, with transaction data showing that $155 million worth of Ether (ETH) was transferred to a decentralized exchange (DEX) on Jan 23. The Wormhole hack&#8230;<\/p>\n","protected":false},"author":1,"featured_media":542830,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/cdn-cgi\/image\/format=auto,onerror=redirect,quality=90,width=1200\/https:\/\/s3.cointelegraph.com\/uploads\/2023-01\/68608218-67ff-4f09-942e-a0c273af784b.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74868,74882,70944,3123,73808],"class_list":["post-542829","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-defi","tag-hacks","tag-hackers","tag-leverage","tag-loans"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/542829","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=542829"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/542829\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/542830"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=542829"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=542829"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=542829"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}