DeFi protocol Oasis Network said it helped Jump Crypto recover some of the stolen funds in the $300 million Wormhole exploit of February 2022, according to a Feb. 24 statement.
The platform disclosed that it acted based on an order from the High Court of England and Wales. Following the order, it helped to retrieve certain assets from a crypto wallet associated with the Wormhole exploit.
According to Oasis, a Whitehat group notified the team about an unknown vulnerability in the design of the admin multi-sig access.
The “access was there with the sole intention to protect user assets in the event of any potential attack,” the team said. It added that there has not been any unauthorized access to users’ assets ever before.
Jump Crypto was yet to release a statement about the events as of press time.
How Oasis ‘Exploited’ the Wormhole Exploiter
Blockworks first broke the news about the counter-exploit. The media house reported that $225 million of the stolen funds was recovered.
According to Blockworks, the exploiter had kept the stolen funds in the Oasis vault, used them to borrow DAI, and then leveraged the DAI on rETH and wstETH. To maintain the collateralization ratio, the exploiter used Oasis automated vaults.
It turned out that the vault contracts were upgradable, and Oasis could access the vault by upgrading the smart contracts. Oasis added a sender wallet to its multi-sig on Feb. 21 and upgraded the automation contract to a new proxy.
By doing this, the Sender could execute the transactions to retrieve the funds and move the collateral from the vault to a new vault before being removed from the multi-sig.
Meanwhile, mixed reactions have trailed the incident from the crypto community. While some consider the action justifiable, others believe it makes a mockery of DeFi.
A partner at MetaCartel Ventures DAO Adams Cochran said he does not like the fact that “[Oasis] has a backdoor that let them seize assets from a user based on a court order.” Crypto investor Evanss6.eth said the actions sets a “horrendous precedent.”
Several community members also pointed out that the incident defeats the purpose of decentralization.
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.