{"id":556296,"date":"2023-02-25T04:20:13","date_gmt":"2023-02-25T01:20:13","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/jump-crypto-oasis-app-counter-exploits-wormhole-hacker-for-225m\/"},"modified":"2023-02-25T04:20:13","modified_gmt":"2023-02-25T01:20:13","slug":"jump-crypto-oasis-app-counter-exploits-wormhole-hacker-for-225m","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/jump-crypto-oasis-app-counter-exploits-wormhole-hacker-for-225m\/","title":{"rendered":"# Jump Crypto &#038; Oasis.app counter exploits Wormhole hacker for $225M"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2e9dab74b36\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2e9dab74b36\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/jump-crypto-oasis-app-counter-exploits-wormhole-hacker-for-225m\/#%E2%80%9D_Jump_Crypto_Oasisapp_counter_exploits_Wormhole_hacker_for_225M_%E2%80%9C\" >&#8221; Jump Crypto &#038; Oasis.app counter exploits Wormhole hacker for $225M   &#8220;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Jump_Crypto_Oasisapp_counter_exploits_Wormhole_hacker_for_225M_%E2%80%9C\"><\/span>&#8221; Jump Crypto &#038; Oasis.app counter exploits Wormhole hacker for $225M   &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div class=\"post-content\" data-v-48054ca8>Web3 infrastructure firm Jump Crypto and decentralized finance (DeFi) platform Oasis.<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a> have conducted a \u201ccounter exploit\u201d on the Wormhole protocol hacker, with the duo managing to claw back $225 million worth of digital assets and transfer them to a safe wallet.<\/p>\n<p>The Wormhole attack occurred in February 2022 and saw roughly $321 million worth of Wrapped ETH (wETH) siphoned via a vulnerability in the protocol\u2019s token bridge. <\/p>\n<p>The hacker has since shifted around the stolen funds through various Ethereum-based decentralized applications (dApps), and via Oasis, they recently opened up a Wrapped Staked ETH (wstETH) vault on Jan. 23, and a Rocket Pool ETH (rETH) vault on Feb. 11. <\/p>\n<p>In a Feb. 24 blog <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/blog.oasis.app\/statement-regarding-the-transactions-from-the-oasis-multisig-on-21st-feb-2023\/\">post<\/a>, the Oasis.app team confirmed that a counter exploit had taken place, outlining that it had \u201creceived an order from the High Court of England and Wales\u201d to retrieve certain assets that related to the \u201caddress associated with the Wormhole Exploit.\u201d<\/p>\n<p>The team stated that the retrieval was initiated via \u201cthe Oasis Multisig and a court-authorized third party,\u201d which was identified as being Jump Crypto in a preceding report from Blockworks Research. <\/p>\n<p>Transaction history of both vaults <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/oasis.app\/30100#history\">indicates<\/a> that 120,695 wsETH and 3,213 rETH were <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/oasis.app\/30179#history\">moved<\/a> by Oasis on Feb. 21 and placed in wallets under Jump Crypto\u2019s control. The hacker also had around $78 million worth of debt in MakerDao\u2019s DAI stablecoin that was retrieved. <\/p>\n<p>\u201cWe can also confirm the assets were im<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">media<\/a>tely passed onto a wallet controlled by the authorized third party, as required by the court order. We retain no control or access to these assets,\u201d the blog post reads. <\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/fdbcf84e-aba9-4ccb-b13a-2c2bb18557d7.png\"><figcaption style=\"text-align: center;\"><em>@spreekaway tweet on the counter exploit: Twitter<\/em><\/figcaption><\/figure>\n<p>Referencing the negative implications of Oasis being able to retrieve crypto assets from its user vaults, the team emphasized that it was \u201conly possible due to a previously unknown vulnerability in the design of the admin multisig access.\u201d<\/p>\n<p><strong><em>Related:<\/em><\/strong><strong><em> DeFi security: How trustless bridges can help protect users<\/em><\/strong><\/p>\n<p>The post stated that such a vulnerability was highlighted by white hat hackers earlier this month. <\/p>\n<p>\u201cWe stress that this access was there with the sole intention to protect user assets in the event of any potential attack, and would have allowed us to move quickly to patch any vulnerability disclosed to us. It should be noted that at no point, in the past or present, have user assets been at risk of being accessed by any unauthorized party.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"und\" dir=\"ltr\"> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/NX1fclJs5V\">pic.twitter.com\/NX1fclJs5V<\/a><\/p>\n<p>\u2014 foobar (@0xfoobar) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/0xfoobar\/status\/1629260635224657926?ref_src=twsrc%5Etfw\">February 24, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><template data-name=\"subscription_form\" data-type=\"markets_outlook\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/jump-crypto-oasis-app-counter-exploits-wormhole-hacker-for-225m\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Jump Crypto &#038; Oasis.app counter exploits Wormhole hacker for $225M &#8220; Web3 infrastructure firm Jump Crypto and decentralized finance (DeFi) platform Oasis.app have conducted a \u201ccounter exploit\u201d on the Wormhole protocol hacker, with the duo managing to claw back $225 million worth of digital assets and transfer them to a safe wallet. The Wormhole&#8230;<\/p>\n","protected":false},"author":1,"featured_media":556297,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/a1286379-09c6-4283-af7a-e88cf1f7c41d.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74868,74882,76700,70944],"class_list":["post-556296","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-defi","tag-hacks","tag-makerdao","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/556296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=556296"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/556296\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/556297"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=556296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=556296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=556296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}