More than US$400 million of hacked ETH has been successfully recovered 16 months after a well-publicised hack of the Wormhole Portal, a blockchain ‘bridge’ providing a cross-chain messaging protocol by which cryptocurrency tokens can be locked on one chain and wrapped versions of them can be issued on another blockchain. Within 24 hours of that hack, Tai Mo Shan Limited (‘TMSL’), which had an interest in ensuring the viability and security of Wormhole, had stepped in and deposited the missing ETH into the Wormhole Portal to ensure that innocent users of Wormhole would not lose out.

A year later, without moving the hacked crypto from the hacker’s blockchain wallet, the hacker used that crypto as security to borrow other crypto, via a decentralised finance application, Oasis, designed by Oazo Apps Limited (‘Oazo’), an English company.  Acting with extreme urgency, Nik Yeo and Aaron Taylor (with Jacob Turner at the return date of the injunction) working with the English and New York offices of Kobre & Kim (Kiran Uni, Andrew Stafford KC, Jake Calvert, Nicholas Surmacz and Steven Perlstein), devised and implemented a process for recovery of that hacked crypto, through a unique combination of Orders and Judgments of the English and New York Courts.

Most notably, TMSL obtained an unusual urgent interim proprietary injunction from the English Court against Oazo, as a non-cause of action defendant in support of contemplated proceedings in New York, requiring Oazo to take steps to modify its application to gain access to, and then seize the hacked crypto assets directly from, the hacker’s blockchain wallet, even though the private key was still held by the hacker.  The seized assets were transferred to a blockchain wallet controlled by the claimant’s English solicitors, to be held pending the outcome of the New York proceedings.

Those New York proceedings were then commenced against the hacker for, among other things, a declaration that the seized assets belonged to TMSL on the basis of (among other grounds) the New York legal theory of equitable subrogation.  Default judgment was obtained in New York against John Does (persons unknown), and that judgment was then recognised and enforced in separate (what is believed to be first-of-their-kind) English proceedings as a judgment in rem.  Finally the seized assets were transferred to TMSL. 

The English judgments against the hacker are at [2024] EWHC 1514 (Comm) and [2024] EWHC 2532 (Comm), the English interim injunction orders are at items 5 and 6 in the New York Court records here, and the New York Judgment is at item 70 of that link.