Readers might remember the curious heist of Wormhole, the inter-blockchain bridge that linked assets between the blockchains of Ethereum and Solana. Not only was it history’s largest bridge loss at $325 million, it was also championed by fraudster Sam Bankman-Fried and capitalized by a multi-billion dollar trading firm, Jump. A large amount of those funds are now being used to buy stETH on margin.
Incredibly, Jump Crypto bailed out that entire sum within hours. Admittedly, Jump was a prior investor in Wormhole, not to mention its potential exposure to open investments across Solana and Ethereum blockchains at the time. Nevertheless, its swift rescue left many observers part impressed, part stunned, and wholly questioning how such a large “hack” could receive immediate forgiveness.
Now, on-chain forensics has linked those funds to a leveraged bet on LidoDAO, Ethereum’s largest staking service.
On January 30, 2023, Chainalysis detected the first movements of the stolen Wormhole Ether. The owner used a series of looping transactions involving LidoDAO’s staked ETH (stETH) and MakerDAO’s stablecoin DAI to become the world’s fifth-largest stETH holder.
Known as a liquid staking token, 1 stETH is a promissory note of sorts. 1 stETH is supposed to equal 1 ETH when Ethereum finalizes its Shanghai upgrade this year to allow withdrawals from its Beacon Chain. Shortly after that time, LidoDAO plans to allow holders to use Lido’s protocol to redeem their stETH for ETH.
Read more: Ethereum’s largest staking service finally regains stETH peg
Recap of the Wormhole incident
In February 2022, an alleged security incident lost hundreds of millions of dollars worth of Wormhole Ether, a Solana-based asset pegged to ETH.
Solana describes Wormhole as an interoperability protocol that enables its blockchain to interact with other DeFi networks. Basically, Wormhole’s primary use case was swapping real ETH to Wormhole ETH, a Solana-based token allegedly pegged to the price of ETH.
According to an updated Chainalysis report, the February 2022 instigators converted a large amount of their Wormhole ETH into a real Ethereum asset: stETH. Within the last few weeks, they began converting their stolen Wormhole ETH into LidoDAO’s stETH. Then they used the stETH as collateral to borrow DAI, which they used to buy more stETH.
The instigators repeated the process of using stETH to buy more DAI from MakerDAO, and then buying more stETH with the DAI, and so forth, until these loops availed them of the world’s fifth largest holding of stETH.
Read more: Jump Crypto forced to save Solana with $320M bailout of its own company
Jump Crypto’s connection to Terra LUNA
Protos reported on an earlier connection between Jump Crypto and Do Kwon’s Terra LUNA — once worth $29 billion, it’s now valued at less than $1 billion.
Specifically, Kanav Kariya was president of Jump Crypto while also a member of the Luna Foundation Guard. That foundation transferred more than 52,000 bitcoin — worth more than $1.5 billion — to Jump Trading to ostensibly defend the price of Terra.
Jump’s defense failed; Terra crashed from $1 to under 1 cent. Many questions remain about what ultimately happened to that bitcoin.
Final notes on Wormhole and stETH
The new movements of Wormhole’s assets into a leveraged-long bet on Lido’s stETH implies that Wormhole attackers are not passive hackers aiming to cashout a bounty but rather active participants in today’s markets.
It is possible that the entities behind the Wormhole breach could remain one of the biggest stETH holders before Ethereum’s Shanghai upgrade activates. Shanghai will make it possible to unlock staked ether and redeem stETH for ETH through LidoDAO.
Wormhole offered a $10 million bounty for the return of stolen funds. It also launched a bug bounty program for other security vulnerabilities. In May 2022, it paid the first $10 million bounty to a white hat hacker, satya0x.
For more informed news, follow us on Twitter and Google News or subscribe to our YouTube channel.
Source: https://protos.com/wormhole-hacker-buys-lidos-steth-on-heavy-margin/