Wormhole counter-exploit recovered $140M
Previously, we covered how a hacker stole 120,000 ETH (worth $320 million) from the Wormhole bridge. One year later, Jump Crypto has recovered $140M by exploiting a smart contract.
How does it work?
The hacker had deposited the stolen ETH in Oasis vaults. Oasis is an Ethereum dapp.
Jump & Oasis exploited the Oasis contract by “upgrading” the contract using the AutomationExecutor proxy.
In isolation, granting control to an external contract is not suspicious. Automated vaults need the ability to act on behalf of the user. However, the Oasis automation contracts use an upgradable proxy pattern, meaning the contract logic can be changed by the contract owner at any time. The owner of the Oasis automation contracts is a 4 of 12 Gnosis Safe we will refer to as the Oasis Multisig.
This upgrade pattern was exploited to steal back the funds.
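To see why the upgrade matters, here is a toy Python model added for illustration (not Oasis or Jump code; every class, function and address name is made up). The vault authorises the proxy's address rather than a specific version of its logic, so whatever logic the 4-of-12 owner installs later inherits that authority. Comparing the current logic against the version that was reviewed is the check that exposes the change.

```python
# Toy model, constructed for illustration; not Oasis or Jump code.
class Multisig:
    """k-of-n owner, like the 4-of-12 Safe described above."""
    def __init__(self, signers, threshold):
        self.signers, self.threshold = set(signers), threshold

    def approves(self, approvals):
        # Only distinct, known signers count toward the threshold.
        return len(set(approvals) & self.signers) >= self.threshold

class Vault:
    """Holds a balance; allow-listed addresses may act for the user."""
    def __init__(self, user, balance):
        self.user, self.balance, self.allowed = user, balance, set()

    def move(self, caller, amount, to):
        if caller != self.user and caller not in self.allowed:
            raise PermissionError("caller not authorised")
        self.balance -= amount
        return (to, amount)

def logic_v1(proxy, vault, amount, to=None):
    # Original automation: funds can only go back to the vault's user.
    return vault.move(proxy.address, amount, vault.user)

def logic_v2(proxy, vault, amount, to=None):
    # Upgraded logic: the recipient is whatever the caller supplies.
    return vault.move(proxy.address, amount, to)

class Proxy:
    """Stable address; the owner can swap the logic behind it."""
    def __init__(self, address, logic, owner):
        self.address, self.logic, self.owner = address, logic, owner

    def upgrade(self, new_logic, approvals):
        if not self.owner.approves(approvals):
            raise PermissionError("approval threshold not met")
        self.logic = new_logic

    def execute(self, vault, amount, to=None):
        return self.logic(self, vault, amount, to)

def demo():
    safe = Multisig([f"signer{i}" for i in range(12)], threshold=4)
    proxy = Proxy("0xPROXY", logic_v1, safe)   # constructed address
    vault = Vault("user", 100)
    vault.allowed.add(proxy.address)           # user trusts the address
    pinned = proxy.logic                       # the logic the user reviewed
    before = proxy.execute(vault, 10, to="third_party")
    proxy.upgrade(logic_v2, ["signer0", "signer1", "signer2", "signer3"])
    after = proxy.execute(vault, 10, to="third_party")
    return before, after, proxy.logic is pinned, vault.balance
```

Before the upgrade the request for a third-party recipient is ignored; after it, the same call through the same address is honoured, and the pinned-logic comparison turns false.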
Code is law?
While the funds have been recovered, we question the means of recovering them.
Technically, the same exploit can be used to steal any user's crypto.
They are changing the code as and when they like.
Perhaps, law is law.