Researchers noticed that attackers of Wormhole protocol started injecting stolen funds into staking mechanisms
After being silent for almost a year, the group that attacked Wormhole bridge mechanism, with $325 million stolen, started actively moving the funds around. Some DeFi experts call the attacker “one of us.” Why?
Ethers (ETH) from Wormhole hack are on the run: Details
Yesterday, Jan. 23, 2023, Crypto Twitter noticed the spike of activity on the account involved in the Wormhole hack in March 2022. In two transactions, malefactors wrapped over 180,000 Ethers (ETH) into Staked Ethers (stETH) on Lido Finance (LDO).
Wormhole exploiter has converted his ETH to wstETH and is going to borrow DAI against it it seems. pic.twitter.com/9rhERSMG5u
— Spreek (@spreekaway) January 23, 2023
Then, they borrowed Dai (DAI) stablecoins, using stETH as collateral. In total, almost $15 million in DAI was loaned and then swapped for an additional portion of stETH. Thanks to their activity, the price of stETH spiked and the 1:1 peg to the ETH rate were lost.
As such, the Wormhole attacker became one of the largest stakers on Lido (LDO), receiving thousands of wstETH for his/her contribution. While some commentators suggested that he/she might just be trading with leverage, others are sure that money laundering is the actual purpose of this sophisticated operation that is still ongoing.
As per DappRadar analytical tracker, the activation of the Wormhole attacker’s wallet resulted in a 43.6% spike of operational volume for Lido; LDO token is also up by 10% in 24 hours.
As covered by U.Today previously, an attack on Wormhole became the first massive DeFi hack of 2022. The fraudsters managed to mint 120,000 Wrapped Ethers (wETH) on the Solana (SOL) blockchain without providing collateral.
In a few weeks, 120,000 ETH losses were compensated by Jump Crypto firm.
Why is this dangerous?
Andrew Kang of Mechanism Capital semi-ironically suggested that the attacker might be interested in doubling his/her stake in order to compensate the victims:
Wormhole exploiter starting to degen lever long his $150m $ETH position. Truly one of us.
However, some other commentators are less optimistic. By obtaining such a massive stake in DeFi tokens, the attacker can easily “rug” the governance system of a large-scale DeFi protocol, they claim.
Also, this strategy unlocks opportunities for price manipulations and the de-pegging of even more assets.