Oasis platform confiscates assets tied to Wormhole hack

The DeFi platform Oasis confiscated assets linked to the Wormhole cross-chain bridge hack, which occurred in February 2022. The operation was authorised by a British court.

A statement regarding the transactions from the oasis multisig on 21st Feb 2023 https://t.co/ua78BAAEj4

— Oasis.app ? (@oasisdotapp) February 24, 2023

“On 21 February 2023 we received the order of the High Court of England and Wales to take all necessary steps to recover certain assets linked to the wallet address associated with the Wormhole hack,” the statement said.

To recover the assets, developers exploited a vulnerability in the admin-access mechanism via multisignature, which had been discovered by an unnamed white-hat hacker. According to the statement, in accordance with the court’s decision, all funds were transferred to a wallet controlled by an authorised third party.

Oasis emphasised that the mechanism was designed to protect user assets in the event of malicious attacks. It also allows the project team to promptly fix bugs in the codebase.

According to Blockworks Research, the confiscated funds were transferred to Jump Crypto, the venture behind Wormhole. Last year it provided funding to compensate losses for users of the cross-chain bridge.

3/

3 days ago, +120k wstETH and +3k rETH ($225M) was counter exploited from an Oasis vault owned by the Wormhole Network Exploiter 0x62.

0x62 used these vaults to borrow DAI and lever long wstETH and rETH.

But how could the assets of another user be seized?

— Blockworks Research (@blockworksres) February 24, 2023

Analysts explained that the Wormhole-hack linked address used the Oasis platform to deposit funds into the Maker Protocol and subsequently borrow the stablecoin DAI.

According to the report, after settling the debt Jump Crypto wallets received assets worth around $140 million.

MakerDAO explained that it does not control the providers that give users access to Maker Vaults. At the same time, the platform’s official smart contracts do not depend on external teams.

Firstly, MakerDAO does not have control over any of the frontend providers or products that enable end-user access to Maker Vaults.

Furthermore, none of the available frontends that connect to the Maker Protocol are developed or maintained by MakerDAO.

2/

— Maker (@MakerDAO) February 25, 2023

As previously reported, in the early hours of 3 February 2022, attackers exploited the withdrew 120,000 WETH from the Wormhole pool (worth more than $319 million at the time).