An unknown attacker who exploited the Wormhole blockchain bridge vulnerability and stole $321 million worth of cryptocurrency nearly a year ago began moving $155 million worth of assets, using the stolen funds as collateral to be used for a variety of barter transactions.
Hackers transferred 95.6 thousand stolen units of cryptocurrency Ethereum (ETH) to decentralized exchange OpenOcean, experts at a cybersecurity company have discovered Certik. These funds were exchanged for ETH-pegged digital assets: Staked ETH (stETH) and Wrapped Stacked ETH (wstETH) from the Lido Finance platform. He used stETH “coins” as collateral to get a loan in DAI stablecoins for $13 million – these funds were used for further purchases of stETH, after which the operation was repeated.
The hacking of the Wormhole Bridge, which provides communication between blockchains, became known on February 2 last year. A certain individual exploited the platform’s vulnerability and generated 120,000 wETH tokens, which were subsequently exchanged for ETH on the main blockchain. Immediately after the hack, the wormhole administration sent a transaction to the hacker’s address and, in a comment, offered to uncover the attack plan and return the $10 million in funds. When the attacker’s wallet came to life on January 23, the bridge administration repeated this message.