The hacker responsible for hacking the $321 million Wormhole blockchain bridge has started a turnover of stolen assets. He transferred 95.6 thousand Ethereum ($155 million) of stolen funds to the decentralized exchange OpenOcean, cybersecurity company Certik said on Twitter. The blockchain data shows that the ETH was then converted into assets linked to the Ethereum price, such as staked ETH (stETH) and wrapped staked ETH (wstETH) from Lido Finance.
In February last year, hackers exploited a vulnerability in the cross-chain crypto platform Wormhole and stole more than $320 million in cryptocurrencies. After the hack, the Wormhole administration sent a transaction to the hacker with a $10 million offer to uncover the attack method and return the stolen funds. When the hacker's wallet was activated on January 23, the bridge administration repeated the proposal.
Wormhole is a platform that allows users to transfer cryptocurrencies across different blockchains. The platform locks the original token in a smart contract and then creates a “wrapped” version of the stored token that can be transferred to another blockchain. The platform supports the Avalanche, Oasis, Binance Smart Chain, Ethereum, Polygon, Solana, and Terra blockchains.
On January 23, the attacker transferred part of the funds in Ethereum to decentralized platforms and converted them into other tokens. This attracted the attention of members of the crypto community, who discovered that the attacker had begun to conduct a series of exchange transactions. Mechanism Capital co-founder Andrew Kang noted that the Wormhole hack began using the stolen assets as leverage. The hacker used stETH as collateral to secure a $13 million DAI stablecoin loan, then used the funds to buy more stETH tokens and repeated the transactions. The Block's director of research, Steven Zheng, suggested that the attacker could be just having fun online with stolen assets or long stETH.