According to a recent announcement by Oasis Network on February 24th, the decentralized finance (DeFi) platform had collaborated with whitehat hackers to recover funds that had been stolen from Solana’s Wormhole bridge.
On February 2nd, Wormhole had been hacked, and it was estimated that around $326 million worth of cryptocurrency had been stolen, with the attacker later transferring some of these funds.
Wormhole connects Solana to other leading DeFi (decentralized financial infrastructure) networks. As a result of Solana’s high speed and cheap cost, tokenized assets can be transferred between blockchains without disrupting ongoing projects, platforms, or communities.
The Wormhole Network exploiter has been busy over the past weeks. The hacker, who transferred $150 million worth of stolen assets in January, has redistributed more funds on Feb. 12, according to PeckShield.
Ethical Hackers To The Rescue
Oasis, the developer of the multi-signature wallet software into which the hacker placed funds, revealed in a blog post that whitehats just alerted them to “a previously unknown weakness in the design of the admin multisig access.”
Now, in response to a February 21 ruling from the High Court of England and Wales, it exploited this flaw to recover the cash.
In order to accomplish this, Oasis decided to collaborate with a group of ethical hackers known as “white hats,” who on February 16 had suggested a method for recovering the stolen assets.
On Tuesday, the two groups put the plan into action and delivered the recovered assets to a third party that had been permitted by the court.
“We can also confirm the assets were immediately passed onto a wallet controlled by the authorized third party, as required by the court order,” the announcement reads.
“We retain no control or access to these assets,” Oasis Network added in the blog post.
White Hat Vs. Black Hat Hackers
When it comes to protecting networks, white hat hackers are the ones to call. Hackers that figuratively wear so-called white hats deliberately seek out and report security flaws so that they may be patched before they are exploited in attacks.
Hackers with malicious intentions, sometimes known as “black hats,” are the ones that try to disrupt networks, steal information, or compromise systems.
While Oasis did not reveal the identity of the whitehat hacking group, Blockworks reported that Web3 infrastructure company Jump Crypto may have been behind the recovery effort.
The report also suggested that after costs, $140 million worth of assets had been recovered.
Meanwhile, the project emphasized that user funds had never been at risk and that they could have patched any reported vulnerabilities.
The use of a questionable method to recover stolen assets may be controversial and could be challenged by decentralization advocates who argue that blockchain should provide individuals with sole control over their assets.
https://bitcoinist.com/hackers-help-oasis-recover-stolen-crypto/....
Interesting story here:
Oasis, the developer of the multi-signature wallet software into which the hacker placed funds, revealed in a blog post that whitehats just alerted them to “a previously unknown weakness in the design of the admin multisig access.”
Now, in response to a February 21 ruling from the High Court of England and Wales, it exploited this flaw to recover the cash.
This raises a number of questions. Would users of a wallet app support or oppose the existence of these previously unknown weaknesses in the design of multisig access? In essence it's not so different from PayPal or a bank reversing a transaction. However, the weakness being undocumented invokes a security-through-obscurity format, rather than one where transactions might only be reversed through a verification process with safeguards. Meaning anyone who invests the time and effort might eventually reverse engineer and identify the weakness, enabling them to use it themselves for their own purposes.
Perhaps we are entering a modern world where this is no longer a major concern for many. It has been a long time since I have seen anyone raise ethical or moral concerns about the direction software engineering is heading. All of the "robots are taking our jobs" people seem to have mysteriously disappeared. And so who knows what the future holds.