High Court orders ethical crypto hack: Tai Mo Shan Limited v Oazo Apps Limited (2023) (unreported)

Dan Wyatt & Chris Whitehouse

The English High Court has, for the first time (1), ordered 'ethical hacking' in a crypto context. It ordered the company behind the decentralised finance application Oasis, Oazo Apps Limited, to seize crypto assets allegedly stolen as part of a well-publicised hack of Wormhole.

Oazo had the technical ability to do this as the alleged fraudsters were utilising the Oasis application.

Although there is no publicly available judgment, filings in the US (2) and exploration of the public blockchain tell the story, and this article is based on those sources.

The Wormhole hack

Wormhole is a 'cross-chain protocol' that facilitates the transfer of cryptoassets from one blockchain to another. 

In February 2022 unknown hackers stole cryptocurrency tokens worth over $320 million from Wormhole. The application underpinning the protocol allowed its users to, in effect, move cryptoassets from one blockchain to another by holding the deposited cryptoasset and creating a 'collateralised' or 'wrapped' version of it on another blockchain. For example, an Ethereum ETH token on the Ethereum blockchain could be swapped for a 'wETH' token (the w standing for wrapped) on the Solana blockchain. The 'wrapped' version could later be redeemed for the original asset on a 1:1 basis.

The hackers exploited a vulnerability in the underlying code that allowed the generation of wrapped tokens without first depositing the corresponding token. The hackers were therefore able to create 120,000 tokens of wETH which they immediately redeemed against the ETH held by Wormhole at that particular time (i.e. the ETH deposited by other users).  They then transferred the ETH to various wallets that they controlled.

The hack had the potential to destroy Wormhole because following the hack there was no longer sufficient deposited ETH for the holders of wETH tokens to redeem against. The claimant, Tai Mo Shan Limited (TMSL), a Cayman Islands company which had a vested interest in the viability and security of Wormhole, stepped in less than 24 hours after the hack and replenished the missing ETH with its own reserves. In exchange, TMSL was assigned the rights, title and interests in the stolen assets. (3)
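The 1:1 backing described above can be checked mechanically from a bridge's event history. The following is an added example, not part of the original article and not Wormhole's code: a simplified accounting model that flags wrapped tokens minted without a matching deposit and reports the resulting shortfall. The event format, the `deposit_id` field and all sample events are assumptions constructed for illustration.

```python
from decimal import Decimal

# Constructed event log (not chain data): "lock" happens on the source chain,
# "mint" and "redeem" of the wrapped token happen on the destination chain.
EVENTS = [
    {"seq": 1, "kind": "lock",   "deposit_id": "d1", "amount": "500"},
    {"seq": 2, "kind": "mint",   "deposit_id": "d1", "amount": "500"},
    {"seq": 3, "kind": "redeem", "deposit_id": None, "amount": "200"},
    {"seq": 4, "kind": "mint",   "deposit_id": "d9", "amount": "120000"},  # no lock
    {"seq": 5, "kind": "mint",   "deposit_id": "d1", "amount": "500"},     # lock reused
]

def audit_bridge(events):
    """Return (seq, reason, shortfall) for each event that breaks 1:1 backing."""
    open_locks = {}                 # deposit_id -> amount not yet minted against
    locked = wrapped = Decimal(0)   # reserve held vs. wrapped supply outstanding
    findings = []
    for ev in sorted(events, key=lambda e: e["seq"]):
        amount = Decimal(ev["amount"])
        reason = None
        if ev["kind"] == "lock":
            open_locks[ev["deposit_id"]] = amount
            locked += amount
        elif ev["kind"] == "mint":
            # A mint is only valid against an unused deposit of the same size.
            if open_locks.pop(ev["deposit_id"], None) != amount:
                reason = "mint without matching deposit"
            wrapped += amount
        elif ev["kind"] == "redeem":
            if amount > locked:
                reason = "redemption exceeds locked reserve"
            else:
                locked -= amount
                wrapped -= amount
        if reason is None and wrapped > locked:
            reason = "wrapped supply exceeds reserve"
        if reason:
            findings.append((ev["seq"], reason, max(wrapped - locked, Decimal(0))))
    return findings

if __name__ == "__main__":
    for seq, reason, shortfall in audit_bridge(EVENTS):
        print(f"event {seq}: {reason}; reserve shortfall {shortfall}")
```
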

It is possible to interrogate the Ethereum blockchain (4) to explore the timeline of the hack by looking at one of the Ethereum wallets controlled by the hackers (the Ethereum Wallet). Of particular interest is that the operators of Wormhole attempted to reach out to the hackers in the immediate aftermath of the hack, by embedding text data in a small ETH transfer sent to the Ethereum Wallet. (5)

The embedded data can be run through a decoder (6) to reveal the following message:

"This is the Wormhole Deployer:

We noticed you were able to exploit the Solana VAA verification and mint tokens. We'd like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you've minted. You can reach out to us at contact@certus.one"

The hackers did not take up the Wormhole operators on their offer.

The same method also reveals a number of other messages sent to the hackers, including from holders of wETH reacting to the news. The tone of the reactions ranges from opportunistic to desperate, for example:

"Hello, I got margin called 250k cause of this. Been a rough time cause of the bear market.

Share? But also congrats […]" (7)

"OKAY, OKAY, OKAY, I NEED WORMHOLE EXPLOITER TO TAKE THE $10M DEAL, LIKE RIGHT NOW. I CAN'T TAKE THIS ANYMORE. EVERYDAY I'M CHECKING WHETH AND IT'S EMPTY. EVERYDAY I CHECK WORMHOLE, NO LIQUIDITY. I CAN'T TAKE THIS ANYMORE MAN. I HAVE OVER-INVESTED, BY A LOT. IT IS WHAT IT IS BUT I NEED THE PRICE TO GO UP. […]" (8)

The hackers did not respond to any of these messages and appear to have laid low for a period following the hack.
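The decoding step described above, as an added example that is not part of the original article: it reads a transfer's input data as hex-encoded UTF-8 text and skips contract calldata that is not text. The transaction records, their labels and the note text are constructed; only the watched address is taken from footnote 5.

```python
WATCHED = "0x629e7da20197a5429d30da36e77d06cdf796b71a"  # address from footnote 5
NOTE = "Constructed note: we’d like to talk."            # sample text, not a real message

# Constructed transfers; the labels stand in for transaction hashes.
SAMPLE_TXS = [
    {"hash": "tx-1 (constructed)", "to": WATCHED,
     "input": "0x" + NOTE.encode("utf-8").hex()},           # text embedded in a transfer
    {"hash": "tx-2 (constructed)", "to": WATCHED, "input": "0x"},  # plain transfer, no data
    {"hash": "tx-3 (constructed)", "to": WATCHED.upper(),
     "input": "0xa9059cbb" + "00" * 12 + "11" * 20 + "00" * 31 + "01"},  # token-call calldata
    {"hash": "tx-4 (constructed)", "to": "0x" + "22" * 20, "input": "0x6869"},  # other wallet
]

def decode_input_message(input_hex, min_printable=0.9):
    """Return the text carried in a transaction's input data, or None if it is not text."""
    data = input_hex[2:] if input_hex[:2].lower() == "0x" else input_hex
    try:
        # UTF-8 rather than plain ASCII, so typographic punctuation survives decoding.
        text = bytes.fromhex(data).decode("utf-8")
    except ValueError:  # malformed hex, or bytes that are not valid UTF-8
        return None
    if not text:
        return None
    printable = sum(ch.isprintable() or ch in "\r\n\t" for ch in text)
    return text if printable / len(text) >= min_printable else None

def messages_for(address, txs):
    """Collect (hash, text) for every transfer to `address` that carries readable text."""
    found = []
    for tx in txs:
        if tx["to"].lower() != address.lower():
            continue
        text = decode_input_message(tx["input"])
        if text is not None:
            found.append((tx["hash"], text))
    return found

if __name__ == "__main__":
    for tx_hash, text in messages_for(WATCHED, SAMPLE_TXS):
        print(f"{tx_hash}: {text}")
```
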

Hackers resume activity in 2023

The hackers eventually resumed activity in January 2023, almost a year after the hack. First, the hackers consolidated most of the stolen assets into the Ethereum Wallet and then, through the decentralised finance application Oasis, deposited those assets into so-called "vaults" provided for by the application against which they could be used as collateral to borrow other digital assets. The hackers appear to have borrowed the Ethereum blockchain-based stable coin DAI, which they in turn used to buy the digital tokens wstETH (9) and rETH (10).

The ethical hack

TMSL learned in February 2023 that the Oasis application had the technical ability to seize certain of the digital assets that were in the Ethereum Wallet insofar as they utilised the application. TMSL therefore applied to the English High Court for an order that Oazo seize the relevant assets. This was granted on 21 February 2023.

The critical paragraph of the order is as follows:

"4. The Respondent [i.e. Oazo Apps Limited, the operator of Oasis] shall (subject to paragraph 5 below) take all necessary steps as soon as reasonably practicable to bring about the seizure and securing of all assets that can be seized and secured and which are currently located in the wallet with public address x629e7da20197a5429d30da36e77d06cdf796b71a (“Ethereum Wallet A”, as referred to in the affidavit of Jonathan Claudius), by facilitating, procuring or effecting transfers of those assets so that they are ultimately held at the public (wallet) addresses on the Ethereum blockchain whose private key is controlled by Kobre & Kim UK LLP, which public (wallet) address [Redacted]."

The same day the relevant assets (the wstETH and rETH tokens) in the Ethereum Wallet were seized and, per the order, transferred to a wallet on the Ethereum blockchain controlled by the law firm acting for TMSL (the Recovery Wallet).

As at the date of this article those assets remain in the Recovery Wallet. The approximate value of the seized assets in the Recovery Wallet is c. $429 million (a higher figure than the dollar value of the Wormhole hack, which reflects the increase in the value of cryptocurrencies in the intervening period).

| Token | Number of tokens | Price per token (11) | Value |
|---|---|---|---|
| wstETH | 120,700 | $3,470 | $418,876,073 |
| rETH | 3,214 | $3,288 | $10,566,246 |
| Total | | | $429,442,319 |

Oazo appears to have been compensated for executing the 'ethical hack' albeit after the event, having argued that it qualified for a bounty that Wormhole had announced in February 2022 for, amongst other things, information leading to the recovery of the stolen assets. (12) The compensation is addressed in an affidavit (13) filed on behalf of TMSL in proceedings relating to the matter in the US (14):

"[…] On May 9, 2023, TMSL and Oasis entered into [a?] confidential settlement agreement in respect of any claim that Oasis may have to the $10 million reward (on the grounds that Oasis has provided "information leading to the ... recovery of the stolen assets")."

The US proceedings

A few days after the Oazo seizure, TMSL initiated proceedings in the US against the individuals behind the Wormhole hack or 'John Doe no.s 1-100' (15) as they appear in the relevant summons. (16) On 26 March 2024 default judgment was entered permitting TMSL to rely upon the judgment to obtain the rights to the seized assets and commence any necessary proceedings to identify the unknown fraudsters or the location of other stolen assets. (17)

Comment

To the authors' knowledge, this case represents the first instance of the English court ordering 'ethical hacking' to assist in recovering stolen crypto. 

It showcases the wide-ranging powers of the court to assist victims of crypto fraud. It also illustrates an issue that frequently arises in cryptoasset tracing where stolen assets are transferred to a private wallet where they remain, at least temporarily, inaccessible (as happened here between the hack in February 2022 and the deposit with Oasis in January 2023). However, in such circumstances the wallet can be monitored before action is then taken should the assets be moved to a location where they can be intercepted when the fraudsters attempt to 'cash out'.

Finally, it also illustrates the public nature of the blockchain and the ability to track, trace and monitor stolen crypto in a manner far beyond what is possible with fiat currency.  This inevitably gives cause for optimism for victims of crypto fraud, even if the path to making recoveries remains uncertain, long and often expensive. 

 

(1) To the authors' knowledge.

(2) Accessible here: https://iapps.courts.state.ny.us/nyscef/DocumentList?docketId=PE6l_PLUS_YSqugbfDL9/PNYAxQ==&displ

(3) A copy of the assignment agreement can be found here: https://iapps.courts.state.ny.us/nyscef/ViewDocument?docIndex=LVZn_PLUS_5UNipPTP0bIsoMB2g==

(4) Using https://www.blockchain.com/explorer

(5) https://www.blockchain.com/explorer/addresses/eth/0x629e7da20197a5429d30da36e77d06cdf796b71a

(6) https://www.dcode.fr/ascii-code

(7) https://www.blockchain.com/explorer/transactions/eth/0x4f1e08ad34ab074d03668472be6db308abf23614c25a80df9adf35bd82d969f7

(8) https://www.blockchain.com/explorer/transactions/eth/0xadf2c4b29f4ee090e25eeb5c32bf16d6dcd91540e3c6b65c23b61291e396835b

(9) A wrapped version of stETH, a token that represents staked ETH in Lido. Lido is a staking protocol for the Ethereum network. See https://atomicwallet.io/academy/articles/what-is-steth

(10) A liquid token that represents a user's share of ETH that has been deposited into Rocket Pool, another staking protocol for the Ethereum network. See https://support.metamask.io/metamask-portfolio/stake/liquid-staking/what-is-rocket-pool-and-reth/

(11) As at 24 May 2024. Price of wstETH: https://coinmarketcap.com/currencies/lido-finance-wsteth/,

Price of rETH: https://coinmarketcap.com/currencies/rocket-pool-eth/

(12) The wording of the bounty was as follows "A $10,000,000 reward is offered for any information leading to the arrest and conviction of those responsible for the hack of Wormhole on February 2, 2022, or the recovery of the stolen assets," https://www.techtarget.com/searchsecurity/news/252513054/Wormhole-offers-10M-to-Ethereum-thieves

(13) The affidavit of Jonathan Claudius dated 13 October 2023 filed https://iapps.courts.state.ny.us/nyscef/ViewDocument?docIndex=z07OC2/HSXBjJSBMr1rb_PLUS_w==

(14) https://iapps.courts.state.ny.us/nyscef/ViewDocument?docIndex=0fXwxvv5v163bEmNzYobww==    

(15) A regime similar to the 'persons unknown' regime in England.

(16) https://iapps.courts.state.ny.us/nyscef/ViewDocument?docIndex=0fXwxvv5v163bEmNzYobww==

(17) https://iapps.courts.state.ny.us/nyscef/ViewDocument?docIndex=xVCaA0Npvm7FbFQ_PLUS_Or4B2g==
