A cybercriminal who pilfered 120,000 ETH tokens, valued at over $321 million during the theft, from the Wormhole cross-chain bridge is now on the move with the stolen assets, as pointed out by multiple on-chain experts. On January 23rd, this individual transferred Ethereum worth $155 million to 1Inch, a decentralized exchange (DEX).
The unidentified assailant has since begun converting their ETH tokens into various other digital currencies. As per insights from @lookonchain, the malefactor exchanged 95,630 ETH (equivalent to $155 million) for 86,473 wstETH – this represents a wrapped variant of the Ethereum liquid staking protocol under Lido, known as stETH.
Subsequently, with the wstETH in their possession, the hacker borrowed DAI, a stablecoin pegged to the dollar, amounting to $14.5 million. With this, they acquired an additional 8,913 stETH. This newly acquired stETH was leveraged to secure an extra loan, this time amounting to just $1.5 in DAI.
The perpetrator’s peculiar actions persisted, as noted by on-chain analyst @spreekaway. The hacker proceeded to send 0.1 ETH to a fresh address.
Drawing from these actions, Spreek hypothesized that this individual might have ties to the perpetrator behind the BNB bridge heist, citing resemblances in their modus operandi.
In response to these developments, the Wormhole bridge team extended an olive branch to the perpetrator, proposing a $10 million reward in exchange for the complete return of the misappropriated assets. They provided an email address, ensuring the hacker could reach out discreetly.
Exploits Still a Big Problem in Crypto
The breach of the Wormhole bridge, while considerable, ranked as the third most substantial in 2022. The Ronin bridge hack took the top spot, with a staggering $612 million being siphoned off. This bridge was designed to facilitate the transfer of assets from the Ethereum blockchain to the Ronin sidechain, specifically engineered for Axie Infinity. There’s widespread suspicion that the infamous North Korean hacking collective, the Lazarus Group, played a part in this heist.
Following closely, the second mammoth theft was from an FTX wallet, amounting to $477 million. This incident occurred shortly after the exchange experienced a meltdown. By the end of 2022, the total value of pilfered cryptocurrency amounted to an overwhelming $2 billion, representing roughly 0.25% of the total market cap of cryptocurrencies at that time.
These breaches underscore the persistent vulnerabilities within the crypto realm. Decentralized systems, despite their touted advantages, remain susceptible to significant losses. If malevolent actors identify code vulnerabilities or gain access to confidential data, funds can be easily drained. Moreover, individual users continually grapple with an array of threats, including phishing scams and counterfeit websites.
The safety of funds stands out as a primary concern hindering the widespread acceptance of cryptocurrency. Given the current risks of theft, many potential users are hesitant to invest or engage with crypto.
However, there are measures that individuals can employ to minimize these risks. When holding crypto on centralized platforms, it’s essential to enable Two-Factor Authentication (2FA). The security of 2FA can be enhanced further by utilizing apps like Google Authenticator.
It’s also wise for users to transfer their assets to a hardware wallet, making sure they securely back up the associated seed phrase. Implementing unique and robust passwords is crucial too. Moreover, while navigating the Decentralized Finance (DeFi) ecosystem, users must remain vigilant, ensuring they’re not lured into counterfeit websites or dApps designed to misappropriate their assets or data.