An unknown hacker who breached Wormhole, the cross-chain protocol, in February 2022 for over $319 million has begun moving the assets.
Wormhole exploiter has converted his ETH to wstETH and is going to borrow DAI against it it seems. pic.twitter.com/9rhERSMG5u
— Spreek (@spreekaway) January 23, 2023
Twitter user under the handle Spreek noted that the hacker swapped through the DEX-aggregator OpenOcean 95,677 ETH for ‘wrapped version’ stETH from the Lido protocol.
Then he moved the assets into wstETH-compatible tokens on DeFi trading platforms. He used the funds as collateral to borrow several amounts in the stablecoin DAI on the MakerDAO platform. Some of the coins were converted back into ETH via KyberNetwork.
The hacker’s activity affected the stETH price — at times they exceeded the price of the underlying asset, according to Dune Analytics.
“Either the guy is simply playing on-chain with stolen assets, or he has a long position in stETH, so he decided to start trading,” commented Steven Shen, The Block‘s Director of Research.
A similar hypothesis was voiced by Adam Cochran, a partner at venture firm Cinneamhain Ventures.
I always watch these loop ones carefully when its from a hack.
I suspect some of them cash out by going super leverage on a protocol while shorting on another account, let the hacked funds get liquidated in order to cash out on the clean short account.
— Adam Cochran (adamscochran.eth) (@adamscochran) January 23, 2023
“I suspect that some of them [hackers] cash out by using highly leveraged positions, while shorting through another account. This allows the hacked funds to be liquidated and withdrawn through the clean short account,” he noted.
The Wormhole team has again approached the hacker with an offer to return all stolen funds for a legal reward of $10 million.
shooters shoot pic.twitter.com/WxLQeNv8KG
— Spreek (@spreekaway) January 23, 2023
As reported, the Wormhole incident was among the largest by damage in 2022, and industry-wide losses from attacks amounted to about $3.6 billion.
Read ForkLog’s Bitcoin news on our Telegram — crypto news, prices and analytics.