In what appears to be the third largest hack in recent DeFi history, news of fund movement in relation to the historical Wormhole hack once again sparks a certain degree of fear, uncertainty, an doubt in the DeFi industry.
Roughly a year ago, CryptoDaily reported how $323 million was siphoned off of Wormhole, a cross-chain protocol bridging the Solana and Ethereum ecosystems. According to CryptoDaily's previous coverage, the attack was carried out using a ‘re-entrancy’ bug, which allowed the yet unidentified threat actors to freely withdraw funds from the protocol.
In terms of methodology, the re-entrancy exploit is similar to one that has been identified as a vulnerability in Uniswap's Universal Router, a process that's been explained in detail by Dedaub. The attack left Wormhole's protocol open to scrutiny, with more concerns on the future stability of the protocol thrown for the project's developers and community.
According to data extracted from Etherscan, the funds from the previous year's attack have been moved, with transaction data indicating some $155 million worth of Ethereum (95,630 $ETH) being transferred through OpenOcean, a decentralized exchange. Blockchain security auditing firm CertiK provided an initial alert on the matter:
However, at the time of writing, the wallet address itself has not been confirmed nor identified as belonging to the threat actor behind the Wormhole hack. The funds were later converted into assets pegged against Ethereum such as stETH (from Lido Finance) and wstETH (resulting wrapped token), which are rebased tokens that are integrated with other DeFi platforms such as Curve and Yearn. The protocol's development team has attempted to communicate with the threat actor through an embedded message, offering a bug bounty worth $10 million if the funds are returned safely.
This recent development caused a minor price impact on stETH, with the asset depegging to 0.9962 within the day of discovery (January 23rd), while quickly recovering to a minimal price variation as the price cycle closed off.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.