Share this article
Wormhole Bridge Exploiter Supplies $46M to Crypto Lending Platform Maker, Buys Wrapped Ether
The exploiter may be earning returns on staked cryptocurrency.
Updated Feb 13, 2023, 3:39 p.m. Published Feb 13, 2023, 11:11 a.m.
The exploiter behind last year’s $320 million exploit of the solana-ether Wormhole bridge has exchanged part of the fraudulently gained holdings for ether and may well be earning yields on staked tokens.
Blockchain data shows exploiter wallet 0x629 supplied over $46 million in various tokens to Maker, a lending and borrowing platform, early on Monday in Asia and used the collateral to buy $16 million worth of ether.
STORY CONTINUES BELOW
The exploiter bought 9,750 ether at $1,537 apiece and 1,000 staked ether (stETH) before wrapping these tokens for upward of 9,700 wrapped staked ether (wstETH), blockchain security firm Peckshield said Monday.
The purchases temporarily created buying pressure on ether, with prices increasing to over $1,530 from $1,520.
#PeckShieldAlert The Wormhole Network Exploiter 0x629e supplied $46M worth of cryptos, including 24.4k $wstETH ($41.4M) & 3k $rETH (~$5M), to MakerDAO for 16.6M $DAI & used them to buy 9.75k $ETH ($ETH at $1,537) & 1k $stETH ($ETH at $1,543), then wrapped them for ~9.7k $wstETH pic.twitter.com/BRfygHgpit
— PeckShieldAlert (@PeckShieldAlert) February 12, 2023
Staked ether is a derivative token issued to entities that lock up ether to help maintain and validate transactions on the Ethereum blockchain. Wrapped tokens are representative tokens with the same value as their underlying asset that can be used on other blockchains.
Monday’s shenanigans continue the exploiter’s activities in the decentralized finance (DeFi) ecosystem.
In January, the same wallet swapped 95,360 ETH, worth roughly $157 million at the time, on DeFi aggregator OpenOcean and then transacted smaller amounts of capital through several decentralized finance protocols such as Kyber Network and 1Inch. The exploiter then levered up, borrowing dai stablecoins and interacting with several smart contracts on Lido, the top provider for liquid staking derivatives on Ethereum.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
New React bug that can drain all your tokens is impacting 'thousands of' websites
Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.
What to know:
- A critical vulnerability in React Server Components, known as React2Shell, is being actively exploited, putting thousands of websites at risk, including crypto platforms.
- The flaw, CVE-2025-55182, allows remote code execution without authentication and affects React versions 19.0 through 19.2.0.
- Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.
Top Stories
