120K ETH Lost to Wormhole Returned: Here's How the Counter-Exploit Worked

In a rare win for DeFi security, Jump Crypto just pulled off what many thought impossible—recovering the entire 120,000 ETH stolen in the 2022 Wormhole bridge hack. That’s roughly $321M in stolen wrapped ETH that’s now back under control.

The Plot Twist: A Counter-Exploit

Here’s where it gets interesting. The hacker didn’t just sit on the funds. They actually opened wstETH and rETH vaults on Oasis.app and were actively farming yield. But Oasis received a court order from the High Court of England and Wales, which led to something sneaky: a reverse exploit.

Thinking like a hacker, someone figured out how to manipulate the Oasis smart contracts and move the stolen collateral—along with the hacker’s accumulated $78M MakerDAO debt in DAI—straight into Jump Crypto’s wallets. On Feb. 21, transactions show 120,695 wsETH and 3,213 rETH moving out of the exploiter’s vaults. Gone.

Why This Matters

This isn’t just a recovery story—it’s proof that:

1. Blockchain is auditable. Every move the hacker made was traceable. No dark web mixers could hide this.
2. Courts are catching up. Legal systems now have the muscle to freeze on-chain assets, even across protocols.
3. DeFi vulnerabilities are exploitable both ways. The same smart contract flaws that enabled the original hack became the vector for recovery.

The Reality Check

DeFi hacks aren’t slowing down. But this recovery signals a shift: stolen funds aren’t necessarily gone forever. Still, Jump Crypto has been vague about how the counter-exploit worked—likely to prevent copycat attacks on other protocols holding hacker funds.

The lesson? Yield farming your stolen ETH on Oasis wasn’t the move.