Oasis is said to have helped the Jump Crypto investment fund recover $140 million in ETH stolen in the Wormhole bridge attack in February 2022.
According to an announcement posted on the morning of February 25, Oasis – a project specializing in creating vaults to borrow money and receive interest with links to MakerDAO and DAI – said that it had successfully recovered 120,000 ETH, worth $140 million at the time. make the article, from the Wormhole bridge attack and return it to the previous owner.
Notably, this unit claims to have been ordered by the Supreme Court of England and Wales to be all ways to get the money back.
A statement regarding the transactions from the oasis multisig on 21st Feb 2023 https://t.co/ua78BAAEj4
— Oasis.app (@oasisdotapp) February 24, 2023
As reported by Kyptos, in February 2022, the Wormhole bridge connecting Solana with Ethereum was attacked by hackers, resulting in the loss of up to 120,000 ETH, worth up to 325 million USD at that time. Just a few hours after the hack took place, the Jump Crypto investment fund that backed Wormhole said it would spend money to fix all the damage.
Oasis revealed that an attacker at the end of January 2023 used their vault solution and multisig wallet to store dirty funds, then engaged in liquid staking ETH. After being reported by a white hat hacker to discover a flaw related to the design of access to multisig on February 16, 2023, Oasis decided to take advantage of that bug to “trick” the hacker wallet into transferring assets out. outside and got all the money back through a series of transactions made on Feb. 21.
The project has refunded the recovery money to an “authorized third party”, most likely Jump Crypto.
Oasis wrote:
“We want to emphasize that the above action is only for the sole purpose of protecting the interests of users in the event of an attack, allowing us to quickly patch the bug. There have been no cases of unauthorized access to user assets on Oasis so far.”
However, Oasis’s decisions are causing great controversy in the crypto community on Twitter, arguing that it will set a dangerous precedent that threatens the immutability of the blockchain, as well as for the DeFi project to be possible. pressured by the law to perform the above “self-hacking” actions.
1. receive court order
2. upgrade contracts to rug money from someone to comply with order— 0xngmi (aggregatoor arc) (@0xngmi) February 24, 2023
Not to mention that the wallet provided by Oasis should be a non-custodial wallet because the user holds the private key and has full control, which means that this unit cannot unilaterally intervene like that.
— foobar (@0xfoobar) February 24, 2023
Both Wormhole and Jump have yet to release an official statement about the incident.
Synthetic Kyptos
