<p><span style="font-weight: 400;">Following days of inactivity, the address associated with the </span><a href="https://www.theblock.co/linked/132841/256-million-in-eth-stolen-from-cross-chain-protocol-wormhole"><span style="font-weight: 400;">theft</span></a><span style="font-weight: 400;"> of $323 million worth of ETH from the cross-chain protocol Wormhole began shuffling assets, Etherscan </span><a href="https://etherscan.io/address/0x629e7da20197a5429d30da36e77d06cdf796b71a#tokentxns"><span style="font-weight: 400;">records</span></a><span style="font-weight: 400;"> show.</span></p> <p><span style="font-weight: 400;">News of the activity was first </span><a href="https://twitter.com/spreekaway/status/1617608174135312385?s=20&amp;t=9-VH5hWklCU84OH9p8bXag"><span style="font-weight: 400;">noted</span></a><span style="font-weight: 400;"> by Twitter user @Spreekaway earlier Monday.</span></p> <p><span style="font-weight: 400;">The series of swaps began as the exploiter address consolidated ETH prior to initiating a </span><a href="https://etherscan.io/tx/0x5b7a789deafa61792c62e17f2b18e8a76ca995b77853ba54d20d755a98120a5b"><span style="font-weight: 400;">swap</span></a><span style="font-weight: 400;"> for 95,630 ether ($157.2 million) into staked ether (stETH) via the DEX aggregator OpenOcean.</span></p> <p>After that the stETH was swapped for 86,473 wrapped staked ETH (wstETH), Lido’s form of liquid staked ether, which is compatible with DeFi trading platforms.</p> <p><span style="font-weight: 400;">With the wstETH as collateral, the hacker took out a $13 million DAI </span><a href="https://etherscan.io/tx/0xbb0dee4a7f682dc5d8778c0f842b25f937f02663f6b3764813abac72956c31ae"><span style="font-weight: 400;">loan</span></a><span style="font-weight: 400;"> that was used to buy roughly 7,989.5 ETH via KyberNetwork, according to blockchain </span><a href="https://etherscan.io/tx/0x46ef8e46fc49346f233b8a05b055d60354dfb0dabd1af3e0c6989022796e7630"><span style="font-weight: 400;">data</span></a><span style="font-weight: 400;">. The hacker repeated the process to continue leveraging up.</span></p> <p><span style="font-weight: 400;">“Either this guy is just having fun on-chain with exploited assets or has some long position on stETH when he decided to make the trade,” said Steven Zheng, The Block’s director of research.</span></p> <p><img class="aligncenter size-full wp-image-204856" src="https://www.tbstat.com/wp/uploads/2023/01/Screen-Shot-2023-01-23-at-2.00.10-PM.png" alt="Dune Analytics stETH" width="1874" height="980" /></p> <p><span style="font-weight: 400;">The magnitude of the trade was felt in markets, causing stETH to repeg, according to </span><a href="https://dune.com/mtgypes/stetheth"><span style="font-weight: 400;">Dune Analytics</span></a><span style="font-weight: 400;">.</span><span style="font-weight: 400;"> </span></p> <p><span style="font-weight: 400;">Wormhole responded to the exploiter reiterating its offer to capitulate with a $10 million bounty award “for the return of all stolen funds” in an </span><a href="https://etherscan.io/tx/0x63d83b510a744b00f8e33470873ce4e53a5551e39ece35e45a5ca202b471a913"><span style="font-weight: 400;">on-chain message</span></a><span style="font-weight: 400;">.</span></p><br /><span class="copyright"><p>© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.</p> </span>