Solana’s Wormhole Exploiter Moves Another $61M in ETH 

The hacker who exploited Solana’s cross-chain bridge Wormhole a year ago has moved another $61 million in ether (ETH) of the stolen funds.

Blockchain security firm PeckShield disclosed Sunday that the exploiter moved some of the assets to the Ethereum-based decentralized protocol MakerDAO.

Wormhole Attacker Moves Stolen Funds Again

Recall that Wormhole Bridge was exploited in February 2022 after a vulnerability on the platform enabled an attacker to mint wrapped ETH (wETH) without depositing ETH themselves.

The perpetrator made away with 120,000 wETH valued at roughly $320 million, making it one of the biggest hacks in 2022.

Although Wormhole developers offered a $10 million bounty in exchange for returning the stolen assets, the exploiter remained silent, and the account was dormant.

After nearly a year, CryptoPotato reported last month that the attacker moved $155 million worth of ETH from the wallet, for the first time, to the decentralized exchange (DEX) OpenOcean.

The exploiter has now moved another batch of the assets to MakerDAO for algorithmic stablecoin DAI and staked ETH (stETH) purchases.

According to PeckShield, the attacker first moved $46 million worth of assets, including 24,400 wrapped staked ETH (wstETH) valued at $41.4 million and 3,000 Rocket Pool ETH (rETH) worth roughly $5 million.

The hacker swapped the moved tokens for 16.6 million DAI and used them to buy 9,750 ETH at $1,537 each and 1,000 stETH tokens at $1,543 each. Afterward, the exploiter wrapped the purchased tokens for 9,700 wstETH.

PeckShield also noted that the attacker moved an additional 8,800 wstETH worth approximately $15 million to MakerDAO.

$216M Moved So Far

Altogether, the exploiter has moved $216 million out of the stolen $320 million deposited in the wallet associated with the hack.

Notably, during the first fund transfer in January, Wormhole developers reiterated their previous $10 million bounty offer in a message embedded in one of the transactions but received no response from the attacker.

Source link