The hacker of Wormhole, one of the largest cross-chain bridges between Solana and other blockchains, has moved stolen funds of $155 million worth of ETH for the first time in months to a decentralized exchange.

Blockchain data by analytic platform CertiK revealed that 95,630 ETH was sent to the OpenOcean DEX before being converted into ETH-pegged assets such as Lido Finance’s staked ETH (stETH) and wrapped staked (wstETH).

• The exploiter then used the wrapped staked Ether (wstETH) as collateral to take a $13 million loan in the stablecoin DAI, in a bid to buy nearly 7,989.5 ETH via KyberNetwor. The trades were repeated multiple times.
• Following the sudden burst of on-chain activity, the Wormhole team offered the hacker a bounty of $10 million once again in an embedded message in a transaction via the Wormhole: Deployer, which read,

“We would like to reiterate our previous offer of a $10 million bounty for the total return of all the stolen funds. You can reach out to us at [email protected] or reply on chain.”

• With the renewed activity, a cybersecurity firm, Ancilla, has issued a warning that many of the ad entries shown by Google for keywords “Wormhole Bridge” are, in fact, phishing websites.
• The Wormhole exploit was one of the biggest hacks in 2022. The hacker exploited a vulnerability in the validation system of the popular cross-chain protocol, enabling them to fraudulently generate wrapped ETH, which was then used to convert into ETH.
• Across a slew of transactions, the hacker made off with nearly 120,000 Wormhole Ethereum (WeETH) worth over $320 million.