Main navigation

Wormhole Bridge Attackers Started Moving Stolen Ethers (ETH)

Tue, 01/24/2023 - 13:25
article image
Vladislav Sopov
Researchers noticed that attackers of Wormhole protocol started injecting stolen funds into staking mechanisms
Wormhole Bridge Attackers Started Moving Stolen Ethers (ETH)
Cover image via
Read U.TODAY on
Google News

After being silent for almost a year, the group that attacked Wormhole bridge mechanism, with $325 million stolen, started actively moving the funds around. Some DeFi experts call the attacker "one of us." Why?

Ethers (ETH) from Wormhole hack are on the run: Details

Yesterday, Jan. 23, 2023, Crypto Twitter noticed the spike of activity on the account involved in the Wormhole hack in March 2022. In two transactions, malefactors wrapped over 180,000 Ethers (ETH) into Staked Ethers (stETH) on Lido Finance (LDO).

Then, they borrowed Dai (DAI) stablecoins, using stETH as collateral. In total, almost $15 million in DAI was loaned and then swapped for an additional portion of stETH. Thanks to their activity, the price of stETH spiked and the 1:1 peg to the ETH rate were lost.

As such, the Wormhole attacker became one of the largest stakers on Lido (LDO), receiving thousands of wstETH for his/her contribution. While some commentators suggested that he/she might just be trading with leverage, others are sure that money laundering is the actual purpose of this sophisticated operation that is still ongoing.

As per DappRadar analytical tracker, the activation of the Wormhole attacker's wallet resulted in a 43.6% spike of operational volume for Lido; LDO token is also up by 10% in 24 hours.

As covered by U.Today previously, an attack on Wormhole became the first massive DeFi hack of 2022. The fraudsters managed to mint 120,000 Wrapped Ethers (wETH) on the Solana (SOL) blockchain without providing collateral.

Top 10 Crypto Scams and Hacks of 2022

In a few weeks, 120,000 ETH losses were compensated by Jump Crypto firm.

Why is this dangerous?

Andrew Kang of Mechanism Capital semi-ironically suggested that the attacker might be interested in doubling his/her stake in order to compensate the victims:

Wormhole exploiter starting to degen lever long his $150m $ETH position. Truly one of us.

However, some other commentators are less optimistic. By obtaining such a massive stake in DeFi tokens, the attacker can easily "rug" the governance system of a large-scale DeFi protocol, they claim.

Also, this strategy unlocks opportunities for price manipulations and the de-pegging of even more assets.

article image
About the author

Blockchain Analyst & Writer with scientific background. 6+ years in IT-analytics, 3+ years in blockchain.

Worked in independent analysis as well as in start-ups (, Monoreto, Attic Lab etc.)