According to transaction data, the hacker who was responsible for the $321 million Wormhole bridge breach has moved a substantial portion of the stolen cash. On January 23, the hacker transferred $155 million worth of Ether (ETH) to a decentralised exchange (DEX).
The Wormhole hack was the third greatest cryptocurrency theft in 2022. This occurred after an issue was discovered on February 2 in the protocol's token bridge. This attack led to the theft of 120,000 Wrapped ETH (wETH), which had a total value of around $321 million.
According to the transaction history of the alleged wallet address used by the hacker, the most recent activity shows that 95,630 ETH was sent to the OpenOcean DEX and then subsequently converted into ETH-pegged assets such as Lido Finance's staked ETH (stETH) and wrapped staked ETH. This information was gleaned from the blockchain transaction history of the alleged wallet address used by the hacker.
After doing more research into the transaction history, members of the cryptocurrency community such as Spreekaway discovered that the hacker went on to carry out a number of transactions that seemed to be strange.
For instance, the hacker utilised their holdings of stETH as collateral to borrow 13 million worth of the DAI stablecoin, which they then exchanged for more stETH, wrapped in more stETH, and then used to borrow some more DAI.
Notably, the Wormhole team has taken use of the chance to once again give the hacker a reward of $10 million if they return all of the cash. An encoded message in a transaction communicates this information to the hacker.
According to statistics provided by Dune Analytics, the substantial amount of ETH that was transacted by the hacker seems to have had a direct effect on the price of stETH.
The price of the asset began the day slightly below its peg of 0.9962 ETH on January 23, and it reached a high of 1.0002 ETH the next day before falling back to its previous level of 0.9981 ETH at the time of this writing.
Blockchain security companies such as Ancilia Inc. issued a warning on January 19 that searching the keywords "Wormhole Bridge" in Google currently shows promoted ad websites that are actually phishing operations. This is likely to attract more attention to the Wormhole hack in light of the most recent incident.
The community has been cautioned to use extreme caution on the content of the links they click on in relation to this phrase.