The Solana-based Wormhole Bridge has been hacked, costing $325 million after attackers managed to exploit a security flaw, making it one of the largest breaches in crypto history.
A year later, a group of white hat hackers and two crypto firms launched an "anti-exploitation" against the malicious entity and recovered some of the stolen assets associated with the exploit. The anti-exploitation was jointly conducted by decentralized finance platform Oasis and Web3 infrastructure company Jump Crypto. The latter, the parent company of Wormhole, has previously recouped all lost funds. This vulnerability has also been patched.
Wormhole offered the attackers a $10 million bug bounty and white hat agreement in exchange for returning the funds, but this never happened. This launched an investigation with the help of government and private sources. Fast-forward to February 21, and Oasis received an order from the High Court of England and Wales to take all necessary steps to recover the assets involved in the wallet address associated with the exploit.
According to one report, assets worth $140 million were successfully recovered following a reverse osmosis operation. The search was initiated through Oasis Multisig and funds were returned to a court-authorized third party. Anti-exploitation is only possible with the approval of Oasis Multisig. Despite the retrieval, the community remained divided as events unfolded over the weekend. One user pointed out that the whole incident sets a bad precedent in the decentralized finance ecosystem. His tweet reads: “w/r/t this Oasis/Wormhole counter exploit that I really didn’t think we’d see court-mandated smart contract manipulation for at least a few more years. Bad precedent and condemnation of upgradable proxies.”
However, Oasis emphasized that the sole purpose of granting access is to protect user assets in the event of any potential attack. The platform further asserted that the move allowed the team to quickly fix any bugs. It should be noted that at no time in the past or present have user assets been at risk of being accessed by any unauthorized party.
