This article comes fromBlockworks, by JON RICE & DAN SMITH

Odaily Translator | Nian Yin Si Tang

Odaily Translator | Nian Yin Si Tang

In a coordinated effort between Jump Crypto and Oasis, the hackers who attacked Wormhole in February 2022 appear to be the "victims."Just over a year ago (February 3, 2022),Wormhole Cross-Chain Bridge Hacked

, becoming one of the largest security incidents in the encryption industry. In total, around 120,000 ETH was stolen, worth a whopping $325 million at the time.After Jump Crypto, to support the continued development of Wormhole. Jump Cryptosaysay

I believe in the prospect of multi-chain and believe that Wormhole is an essential infrastructure in the future, so I will continue to support Wormhole and help it continue to develop.

Jump Crypto, the Chicago-based cryptocurrency division of Jump Trading, was involved in the development of the Wormhole protocol.

At the time, Wormhole offered hackers $10 million in bug bounties and white hat agreements in exchange for their return of funds. But that never seems to happen.

Dave Olsen, president and chief investment officer of Jump Trading Group, told Bloomberg a month later: "We are in close consultation with government resources and private sources. Many of them are experts in tracking down these types of criminals. We will always fight this. So, this is not It's a permanent endeavor that we'll be distracted from next month or next year."

According to an on-chain analysis by Blockworks Research, Jump ultimately won the battle. Just three days ago, the funds appeared to have been recovered.

However, Oasis published astatementstatement

, stating:

"On 21 February 2023, we received an order from the High Court of England and Wales ordering us to take all necessary steps to recover certain assets linked to wallet addresses linked to the Wormhole attack on 2 February 2022. As required by law , which was undertaken under a court order using Oasis Multisig and a court-authorized third party.

We can also confirm that these assets were immediately transferred to wallets controlled by authorized third parties, as required by the court order. We retain no control over or access to these assets. "Dan Smith, Analyst, Blockworks Research：

describes the process in detail

"Transaction history indicates that Jump Crypto and Oasis collaborated to reverse engineer an upgradable Oasis contract to obtain stolen funds from the vaults of the original Wormhole attackers.

The attacker continued to move the stolen funds through various Ethereum applications. They recently opened two Oasis vaults, taking leveraged long positions on two ETH-collateralized derivatives. Importantly, both vaults use automated services provided by Oasis.

This counter exploit involved several wallets. Each address is defined and named for use throughout the analysis:

- Oasis Multisig: 4 out of 12 Multisigs with Oasis proxy contracts.

- Holder: Currently holding the recovered funds, which seems to belong to Jump.

- Sender: responsible for performing the reverse attack, seems to belong to Jump.

The process started on February 21, when Sender was added as a signatory to Oasis Multisig. Sender executed 5 transactions to advance the reverse attack and was subsequently removed as a signer of Oasis Multisig.

The majority of the funds recovery process was carried out in the third transaction from Sender to Oasis Multisig. To quickly summarize this transaction, Sender "utilized" the Oasis contract, allowing it to transfer collateral and debt from the attacker's vault to Sender's own.

After taking control of the attacker's vault, a wallet labeled Jump Crypto by several analyst firms sent 80 million DAI to the Sender. The DAI was used to repay the vault’s outstanding loan and $218 million in collateral was withdrawn. The recovered collateral is then sent to the Holder where the funds are currently located.

It is unclear whether Sender and Holder belong to Oasis or Jump. However, the base case assumption is that Jump has control of these addresses because Jump paid off the debt to withdraw the collateral. Neither Jump nor Oasis confirmed this.

Thus, Jump appears to have successfully fought back against the Wormhole attackers and recovered the ETH stolen from it a year ago. Excluding the portion of the funds paid back in DAI to recover the collateral, the net proceeds of the reverse attack were approximately $140 million. "Cross-chain bridge attacks have been responsible for many of the largest thefts in the crypto industry, including the $540 million Ronin hack,。

Later attributed to North Korean hacking group Lazarus

But transparent, open, permissionless public blockchains are proving to be the “secret weapon” in the fight against financial crime.

Questions of the ethics, and even legality, of attacking hackers may be debated in the future. But for now, it looks like Jump Crypto took in $140 million more than last week.