News
Summer.fi recovered $140m of stolen Wormhole funds with help of whitehat hackers Summer.fi recovered $140m of stolen Wormhole funds with help of whitehat hackers

Summer.fi recovered $140m of stolen Wormhole funds with help of whitehat hackers

Summer.fi exploited a vulnerability in its own admin multisig to regain those funds.

Summer.fi recovered $140m of stolen Wormhole funds with help of whitehat hackers

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Summer.fi worked with a whitehat hacking group to retrieve funds stolen from Wormhole, according to a post from the former project on Feb. 24.

On Feb. 2, Solana’s Wormhole bridge was exploited for a sum of cryptocurrency now estimated at $326 million. The attacker later moved a portion of those funds.

Summer.fi, a DeFi platform and exchange that the attacker relied upon during one step of the attack, soon became involved in the recovery effort.

Summer.fi disclosed today that, on Feb. 21, it received an order from the High Court of England and Wales requiring it to take steps to retrieve certain stolen assets.

To do so, Summer.fi chose to work with a whitehat hacking group that had previously proposed a way to retrieve the stolen assets on Feb. 16. The two groups executed the strategy on Tuesday and sent the recovered assets to a court-authorized third party.

Summer.fi said that this recovery strategy was only possible to a “previously unknown vulnerability” in its own admin multisig access. The project said that this access existed solely to protect user assets, added that user funds have never been at risk, and insisted that it could have patched any vulnerability that was otherwise reported.

Though Summer.fi did not identify the whitehat hacking group behind the recovery strategy, a report from Blockworks suggests that Jump Crypto was responsible. That report also suggests that $140 million worth of assets were recovered after costs.

The fact that Summer.fi used a questionable method to recover stolen assets will likely cause controversy. Decentralization advocates might argue that the purpose of blockchain is to provide one with sole control over one’s assets — for better or for worse.

Update Tue, Oct. 17: Fixed the mention of the protocol involved to Summer.fi.

Mentioned in this article
Posted In: , DeFi, Hacks