Funds from the original attack on the Solana-linked project — occurring almost a year ago — are on the move.
Funds tied to last February’s Wormhole attack appear to be on the move, according to various reports that emerged on Monday, Jan. 23.
An Ethereum address tied to the attack (0x629e7…) has moved more than $150 million of crypto.
Funds on the move
The attacker traded $157.2 million of Ethereum (ETH) for staked ETH (stETH), which they swapped for Lido’s wrapped staked ETH (wstETH) token. Next, the attacker used wstETH as collateral for a $13 million DAI loan before buying an equivalent amount of ETH.
The fact that the attacker ended the series of trades with ETH — the same asset they began with — suggests an attempt at money laundering. Swapping holdings this way could make transaction trails harder to analyze, much like using a coin mixer.
ETH user Spreek noted that an attack on Binance Smart Chain in October 2022 also saw an attacker purchase liquid staking derivatives (LSDs) with stolen cryptocurrency at a later date.
Though Spreek speculated that this could indicate a connection between the two attacks, others suggested that one attacker may have imitated the other’s strategy to obscure their activity.