Author

Topic: How Whitehat Hackers Helped Oasis Network Get Back $140 Million In Stolen Funds (Read 69 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Quote
The use of a questionable method to recover stolen assets may be controversial and could be challenged by decentralization advocates who argue that blockchain should provide individuals with sole control over their assets.

I suggest at this point that so-called "decentralization advocates" who do not want to see the recovery of hacked funds like this just sit down and watch, because at some point you're going to have to deal with not just 1, but many people who want to get their money back from somewhere - considering that there is an enormous number of credit disputes and charge-backs that occur every single day.

It is simply something that cryptocurrency can't avoid.

Now with that being said, I definitely do not want backdoors to be placed in any full node or wallet software. However, when we talk about hacks of some random bridge or altcoin thing that already has weak security to begin with, it's good that some or the damage in that area is at least reduced.
legendary
Activity: 2562
Merit: 1441
Quote
According to a recent announcement by Oasis Network on February 24th, the decentralized finance (DeFi) platform had collaborated with whitehat hackers to recover funds that had been stolen from Solana’s Wormhole bridge.

On February 2nd, Wormhole had been hacked, and it was estimated that around $326 million worth of cryptocurrency had been stolen, with the attacker later transferring some of these funds.

Wormhole connects Solana to other leading DeFi (decentralized financial infrastructure) networks. As a result of Solana’s high speed and cheap cost, tokenized assets can be transferred between blockchains without disrupting ongoing projects, platforms, or communities.

The Wormhole Network exploiter has been busy over the past weeks. The hacker, who transferred $150 million worth of stolen assets in January, has redistributed more funds on Feb. 12, according to PeckShield.

Ethical Hackers To The Rescue

Oasis, the developer of the multi-signature wallet software into which the hacker placed funds, revealed in a blog post that whitehats just alerted them to “a previously unknown weakness in the design of the admin multisig access.”

Now, in response to a February 21 ruling from the High Court of England and Wales, it exploited this flaw to recover the cash.

In order to accomplish this, Oasis decided to collaborate with a group of ethical hackers known as “white hats,” who on February 16 had suggested a method for recovering the stolen assets.

On Tuesday, the two groups put the plan into action and delivered the recovered assets to a third party that had been permitted by the court.

“We can also confirm the assets were immediately passed onto a wallet controlled by the authorized third party, as required by the court order,” the announcement reads.

“We retain no control or access to these assets,” Oasis Network added in the blog post.

White Hat Vs. Black Hat Hackers

When it comes to protecting networks, white hat hackers are the ones to call. Hackers that figuratively wear so-called white hats deliberately seek for and report security flaws so that they may be patched before they are exploited in attacks.

Hackers with malicious intentions, sometimes known as “black hats,” are the ones that try to disrupt networks, steal information, or compromise systems.

While Oasis did not reveal the identity of the whitehat hacking group, Blockworks reported that Web3 infrastructure company Jump Crypto may have been behind the recovery effort.

The report also suggested that after costs, $140 million worth of assets had been recovered.

Meanwhile, the project emphasized that user funds had never been at risk and that they could have patched any reported vulnerabilities.

The use of a questionable method to recover stolen assets may be controversial and could be challenged by decentralization advocates who argue that blockchain should provide individuals with sole control over their assets.


https://bitcoinist.com/hackers-help-oasis-recover-stolen-crypto/


....


Interesting story here:

Quote
Oasis, the developer of the multi-signature wallet software into which the hacker placed funds, revealed in a blog post that whitehats just alerted them to “a previously unknown weakness in the design of the admin multisig access.”

Now, in response to a February 21 ruling from the High Court of England and Wales, it exploited this flaw to recover the cash.

This raises a number of questions. Would users of a wallet app support or oppose the existence of these previously unknown weaknesses in the design of multisig access? In essence its not so different from paypal or a bank reversing a transaction. However, the weakness being undocumented invokes a security through obscurity format. Rather than one where transactions might only be reversed through a verification process with safeguards. Meaning anyone who invests the time and effort might eventually reverse engineer and identify the weakness. Enabling them to use it themselves for their own purposes.

Perhaps we are entering a modern world where this is no longer a major concern for many. It has been a long time since I have seen anyone raise ethical or moral concerns about the direction software engineering is heading. All of the "robots are taking our jobs" people seem to have mysteriously disappeared. And so who knows what the future holds.
Jump to: