'Counter-Exploit' Claws Back $202M From Hacker

U.K. Court Orders to Retrieve Stolen Assets from DeFi Heist

By: Aleksandar Gilbert and Samuel Haig Loading...

'Counter-Exploit' Claws Back $202M From Hacker

It may be an unprecedented event in crypto — the counter-exploit. And it just took place thanks to a British judge’s ruling linked to the second-biggest hack in DeFi history.

On Feb. 21, a judge in the High Court of England and Wales ordered, a gateway for the DeFi lender MakerDAO, to “take all necessary steps” to retrieve assets that were stolen as part of a $320M heist last year, according to a statement from Oasis.

Hacking the Hacker

Working with Jump Crypto, an investment firm, Oasis clawed back $202M worth of stETH and rETH from the hacker, the company said. The counter-exploit — essentially, hacking the hacker — marks a new front in the battle to defend DeFi assets from thieves.

The action stems from the Wormhole exploit back in February 2022. Hackers stole more than $320M from the Wormhole cross-chain bridge, an exploit in DeFi exceeded only by the Poly Network hack in August 2021. The Wormhole attacker moved the stolen assets through several Ethereum-based dApps, including

Traders Speculate on Goerli Even as Ethereum Devs Move On

Traders Speculate on Goerli Even as Ethereum Devs Move On

Action Mounts on Goerli ETH Despite Switch to Holli Testnet

The Defiant The Defiant said white-hat hackers informed them of “a previously unknown vulnerability in the design of the admin multisig” on Feb. 16. The vulnerability enabled the counter-exploit to take place.

Oasis said they adopted an admin multisig to “protect user assets” by allowing the team to patch any vulnerabilities identified in its code. “It should be noted that at no point, in the past or present, have user assets been at risk of being accessed by any unauthorized party,” the team added.


The incident has garnered criticism from the crypto community, with Oasis copping flak for facilitating the so-called counter-exploit.

“As much as I love the Wormhole hacker getting pwned, what I don’t love is that MakerDAO’s Oasis Automation has a backdoor that let them seize assets from a user based on a court order,” Adam Cochran of Synthetix tweeted. “What happens when US courts demand they seize from U.S. users in the future?” is a front-end interface for MakerDAO, the No. 2 DeFi protocol. allows users to mint the DAI stablecoin against collateral or access directional exposure to crypto assets. The project spun out from MakerDAO in June 2021 when the Maker Foundation dissolved.

MakerDAO issued a statement clarifying that it does not have control over any of the front-end providers or products that enable access to Maker’s vaults.

“The Maker Protocol is a decentralized smart contract system that is publicly deployed on Ethereum, allowing any provider to connect its user-interface solution in a permissionless and decentralized manner,” it tweeted. “None of the available frontends that connect to the Maker Protocol are developed or maintained by MakerDAO.”

The Wormhole Hack was the second-largest DeFi exploit, highlighting the security vulnerabilities associated with cross-chain bridges. It now ranks fifth, according to Rekt, with four of the top five attacks targeting cross-chain bridges.