Oasis recovered $140m of stolen Wormhole funds with help of whitehat hackers

Oasis Network worked with a whitehat hacking group to retrieve funds stolen from Wormhole, according to a post from the former project on Feb. 24.

On Feb. 2, Solana’s Wormhole bridge was exploited for a sum of cryptocurrency now estimated at $326 million. The attacker later moved a portion of those funds.

Oasis, a DeFi platform and exchange that the attacker relied upon during one step of the attack, soon became involved in the recovery effort.

Oasis disclosed today that, on Feb. 21, it received an order from the High Court of England and Wales requiring it to take steps to retrieve certain stolen assets.

To do so, Oasis chose to work with a whitehat hacking group that had previously proposed a way to retrieve the stolen assets on Feb. 16. The two groups executed the strategy on Tuesday and sent the recovered assets to a court-authorized third party.

Oasis said that this recovery strategy was only possible to a “previously unknown vulnerability” in its own admin multisig access. The project said that this access existed solely to protect user assets, added that user funds have never been at risk, and insisted that it could have patched any vulnerability that was otherwise reported.

Though Oasis did not identify the whitehat hacking group behind the recovery strategy, a report from Blockworks suggests that Jump Crypto was responsible. That report also suggests that $140 million worth of assets were recovered after costs.

The fact that Oasis used a questionable method to recover stolen assets will likely cause controversy. Decentralization advocates might argue that the purpose of blockchain is to provide one with sole control over one’s assets — for better or for worse.