On-chain data reveals Wormhole exploiter conducted an enormous transaction worth $155 million from his wallet address to Lido on Jan. 23. The attacker proceeded to launder more funds in different DeFi protocols.
Wormhole attackers resurfaced again on Jan. 23 after moving $155 million of stolen cryptocurrencies to a decentralized exchange.
According to CertiK Alert, a blockchain explorer, the attacker’s address, Ox629e…, swapped 96,630 ETH (approximately $155M ) to Lido Finance’s staked ETH (stETH) and wrapped ETH (wstETH).
In a separate tweet, blockchain enthusiast Spreek also identified the hackers’ motives for using the wstETH to borrow DAI stablecoin. The move yielded 13 million DAI tokens, later converted to more stETH to borrow more DAI.
The Wormhole team offered to give the bug exploiter a bounty worth $10 million if the hacker surrendered all the funds.
According to blockchain explorer dune analytics, the transactions seemingly impacted Lido Finance’s staked ETH (stETH).
In addition, Ancilia, a Web3 cyber security partner, has warned Wormhole users of clicking phishing links run as Google Ads.
Wormhole attacker also moves USDC to a new wallet
The attacker recently transferred $2.9 million in the form of USDC to a new wallet address after several months of inactivity. The hacker took advantage of a bug on the platform’s bridge by validating a free mint of 120,000 wrapped ETH (wETH), equivalent to $325 million at the time.
The Wormhole attack went down as the third-largest crypto hack in 2022 and the third-largest on the Solana network. As a result of the hack, Wormhole added ETH on the web a few hours later to retain the wETH to ETH peg of 1:1.