Wormhole hacker, one of the biggest bridges connecting Solana and other blockchains, transferred stolen funds. According to the analysis company CertiK, the attacker moved about US$ 155 million in Ether (ETH), which corresponds to almost R$ 800 million.
This is the first time the hackers have moved funds in months. The analysis shows that the attackers used a decentralized exchange (DEX) to move the money.
Such moves often occur when hackers want to use stolen funds or exchange them for cryptocurrencies. In this case, they often use DEX and mixers to hide the origin, but CertiK has confirmed that the addresses belong to the hackers.
Almost 100 thousand ETH
According to the data, the total movement corresponds to 95,630 ETH, which the hackers sent to a DEX called OpenOcean. On the platform, hackers converted ETH into Staked Ether (stETH) and wrapped stETH (wstETH).
The explorer then used wstETH as collateral to take out a $13 million loan in stablecoin DAI. With that, the attacker tried to buy almost 8,000 ETH via KyberNetwork, which is about BRL 67.6 million. The address repeated this operation several times to be able to convert the funds.
At that rate, the hacker would need to do almost 12 operations to convert all the stolen value. Conversions increased activity on the blockchain as well as trading volumes. And it was based on these increases that CertiK was able to identify the source of funds.
At the same time, the Wormhole team also identified operations. They sent a message to the hacker offering a $10 million reward for returning the funds. The message said the following:
“We would like to reiterate our previous offer of a $10 million reward for the full return of all stolen funds. You can contact us at [email protected] or reply to the message on the blockchain”.
The team sent the message more than once while the hacker moved the funds, but have not heard back at press time.
With renewed activity, a cybersecurity firm – Ancillaº has issued a warning that many of the ad entries displayed by Google for the keywords “Wormhole Bridge” are actually phishing sites.
Second biggest attack in history
The attack against Wormhole was one of the biggest ones carried out in 2022. In fact, the robbery is second only to the attack on Ronin in terms of total value embezzled
In the attack, the hacker exploited a vulnerability in the bridge’s validation system that allowed him to fraudulently generate amounts of wrapped Ether (WETH). Then, the attacker exchanged the tokens for ETH and managed to carry out the theft.
In a series of transactions, the hacker stole nearly 120,000 ETH from Wormhole (WeETH) worth more than $320 million.