The hacker behind the $321 million Wormhole bridge attack has exchanged a large portion of the stolen funds, with transaction data showing Ether is worth $155 million (ETH) was transferred to a decentralized exchange (DEX) on January 23.
The Wormhole trick was the third largest cryptohack in 2022after the protocol token bridge suffered a feat on February 2, 2022, which resulted in the loss of 120,000 wrapped ETH (wETH) worth approximately $321 million.
According to the transaction history from the hacker's alleged wallet address, the most recent activity shows that 95,630 ETH was sent to OpenOcean DEX and then converted into ETH-pegged assets, such as ETH staked from Lido Finance (stETH) and wrapped staking (wstETH).
We are looking at address 0x629e... Wormhole Network Exploiter swap 95,630 Ether (~$155M) to stETH
Stay safe! pic.twitter.com/ZR6zxlRuKX
โ CertiK Alert (@CertiKAlert) January 23, 2023
Delving into the transaction history, members of the crypto community like @spreekaway also highlighted that the hacker made a series of strange-looking transactions.
For example, the hacker used his stETH holdings as collateral to borrowing 13 million in the DAI stablecoin, before trading it for more stETH, wrapping it back in stETH, and then borrowing more DAI.
The Wormhole exploiter has converted your ETH to wstETH and it looks like it will borrow DAI against it. pic.twitter.com/9rhERSMG5u
โ Speak (@speakaway) January 23, 2023
Notably, the Wormhole team took the opportunity to once again offer the hacker a $10 million reward if he returns all the funds, after he left an embedded message broadcasting such a transaction via Wormhole: Deployer.
The hacker's strong ETH transaction appears to have had a direct impact on the stETH price according to data from Dune Analytics. The asset's price went from being slightly below parity at 0.9962 ETH on January 23 to 1.0002 ETH the next day, before falling back to 0.9981 at the time of writing.
Related: North Korea's Lazarus Group Masterminded $100M Harmony Hack: FBI Confirms
With the Wormhole hack likely to draw more attention in light of the latest incident, blockchain security firms like Ancilia, Inc. warned on Jan. 19 that searching for the keywords โWormhole Bridgeโ on Google currently returns sites web of promoted ads that are actually phishing. operations.
The community has been warned to be diligent about what you are clicking on in relation to this term.
#identity fraud alert When you search for "wormhole bridge" on Google, many of the "ads" entries are actually a phishing site. E.g
hxxps://agujerogusanopuente-multicadena.com/
hxxps://portaltoken-wormholebridge.com. Be careful what you click and stay safe! pic.twitter.com/C6JW2xeaUh-Ancilia, Inc. (@AnciliaInc) January 19, 2023