Wormhole hacker moves $155M in biggest shift of stolen funds in months

Wormhole hacker moves 5M in biggest shift of stolen funds in months

The hacker responsible for the $321 million Wormhole Bridge attack has transferred a large portion of the stolen funds, with transaction data revealing that $155 million in Ether (ETH) was transferred. 

Tickers are down $1,636. On January 23, it was transferred to a decentralised exchange (DEX).

The wormhole was the third-largest crypto hack in 2022 after the protocol’s token bridge was compromised on February 2, 2022, resulting in the loss of 120,000 wrapped ETH (wETH) worth $321 million.

According to the alleged hacker’s wallet address’s transaction history, the most recent activity shows that 95,630 ETH was sent to the open ocean DEX and then converted into ETH-pegged assets such as Lido Finance’s staked ETH (stETH) and wrapped staked ETH (wsETH) (wstETH).

Digging deeper into the transaction history, crypto community members such as @spreekaway noted that the hacker went on to conduct a slew of strange transactions.

For example, the hacker used their stETH holdings as collateral to borrow 13 million DAI stablecoins before exchanging them for more stETH, wrapping them into stETH again, and borrowing some more DAI.

Notably, the Wormhole team has taken advantage of the opportunity to offer the hacker a $10 million bounty if they return all of the funds after leaving an embedded message conveying such in a transaction via the Wormhole: Deployer. According to Dune Analytics data, the hacker’s large ETH transaction appears to have had a direct impact on the price of stETH. The asset’s price rose from 0.9962 ETH on January 23 to as high as 1.0002 ETH the next day before falling back to 0.9981 at the time of writing. With the Wormhole hack likely to garner even more attention considering the latest incident, blockchain security firms such as Ancilia, Inc., warned on January 19 that searching the keywords “Wormhole Bridge” in Google is now displaying promoted ad websites that are actually phishing operations. 

The community has been warned to be cautious about what they click on when searching for this term.


Share to Social Media

Recent Articles

Join Our Newsletter