Note that the Wormhole blockchain bridge hack was one of the major hacks of 2022. The losses were estimated at 326 million, with Jump Crypto able to recoup the losses.

However, the hack was not the most significant failure of the year in the crypto niche. According to analysts, it was the bankruptcy of cryptocurrency exchange FTX that caused more financial damage to investors. The losses in the incident were almost twice as large as in the Wormhole case.

The developers of the platform have now recovered most of the coins. However, things haven’t gone so smoothly here either in terms of decentralisation.

How cryptocurrency hackers are fought

The hacker ended up transferring the stolen tokens to various wallets and decentralised protocols. One of them was Oasis, whose team worked with UK government authorities and a Wormhole developer called Jump Crypto to recover the funds. And the event was a notable one – primarily because of the volume of assets recovered.

According to Cointelegraph’s sources, the Oasis team published the gist of what happened on its blog. Here is a relevant quote from this publication.

On 21 February 2023 we received an order from the High Court of England and Wales to take all necessary steps that will result in the recovery of certain assets associated with the wallet address involved in the February 2, 2022 Wormhole attack. This was done as required by the court order, as required by law, with the help of a multi-signed wallet and a court-authorised third party.

That is, in this case, permission to refund by any available means was granted by the court. As a result, this detail, among others, has drawn criticism from fans of decentralised assets.

Oasis representatives also confirmed that the seized funds had been transferred to a third-party wallet – they are the ones who can now manage the money. This decision came not from the management of Oasis but from a court order. Well that third party is Jump Crypto.

The transaction history of the Oasis vaults shows that 120,695 wsETH and 3,213 rETH, which are different versions of the native token of the Etherium network, were withdrawn. The hacker also had a debt of 78 million DAI Stablecoin tokens. The funds were reportedly withdrawn to a Jump Crypto wallet as well.

In addition, the Oasis team’s post also focused on the process of withdrawing funds from the hacker’s wallets itself. Company representatives continue.

Our team first became aware of the possibility to assist in recovering the assets after a group of white hackers approached us on Thursday evening, February 16, 2023. They demonstrated the possibility of recovering the money and provided a proof of concept for how this could be achieved. What happened the day before was only made possible by a previously unknown vulnerability in a multi-signature wallet.

That is, the developers ended up using a vulnerability in their own protocol to take previously stolen cryptocurrency away from the hacker. Accordingly, they essentially hacked their platform in order to take away the user's assets. Of course, in this case we are talking about a hacker who has stolen someone else's property. However, the fact that crypto-assets can be withdrawn from a coin owner without their consent is not in line with the ideals of decentralisation, and the developers have received a portion of criticism in this regard.

As a reminder, a multisignature wallet is a special wallet that can only perform transactions with multiple private keys. In this way, the responsibility for the safety of the coins is shared between several people, which in any case increases the security of the assets. In this case, the hacker’s coins were in just such a wallet, which means that the fraudster clearly did not expect such actions from the project developers.

As we have already noted, the fact that money is transferred from a multisignature wallet without its owner’s knowledge is clearly a cause for concern without considering the context of the situation. That’s why the Oasis team wrote the following on their blog.

We emphasise that these actions were taken solely to protect user assets in the event of a potential attack, they would allow us to quickly address any vulnerability discovered. It should be noted that neither in the past nor in the present have user assets been exposed to the risk of unauthorised access.

In any case, a precedent has already been set in this case, which means that similar situations could happen in the future. Of course, developers are unlikely to touch ordinary users' money without negative merit, but the latter have somehow become aware that even the cryptocurrencies sent to the decentralised protocol do not essentially belong to them.

ShapeShift platform head and well-known Bitcoin fan Eric Voorhees responded to the situation, expecting BTC to rise to $40,000 by the summer. Here’s his quote from the tweet.

Oasis platform test. If a blockchain or app can be modified because of a court order, it is not decentralised and cannot be positioned as representative of the DeFi industry.


We believe that in this case the developers are more likely to be right than not. Still, the hacker took the money of many innocent users and created significant problems for them. Therefore, recovering the money is now a higher priority than following the ideals of decentralisation, which are also important. However, hacking the wallet repeatedly and taking the money of normal users will obviously not be done by the Oasis management, so you can relax here. However, it is safer to keep most of your coins in hardware wallets anyway.