Market maker suffers $160m hack, says it is open for business

by Tim

Market maker Wintermute suffered a $160 million hack on Tuesday, making it the 7th biggest hack in decentralized finance (DeFi).

Market maker Wintermute falls victim to a hack

Wintermute, a market maker specialising in algorithmic trading, has just suffered a $160m hack:

Although nothing has been confirmed yet, it seems that this hack is the result of the exploitation of a flaw in an address generation tool called Profanity. Starting from a partly personalised public address, the tool works back to a private key. It is therefore a useful application when you want to generate your own address.

This bug was spotted last week by 1inch:

Analysis of the various addresses involved on Etherscan shows that the attacker created a smart contract address in the morning. He then used it to transfer all the assets held in the Wintermute smart contract. The funds could then be withdrawn to a new address:

One of the transactions in the Wintermute fund theft

If Profanity's lack of security was indeed the source of this hack, the attacker could in fact have retrieved the private key to the market maker's smart contract using the market maker's public key.

Wintermute teams are open to discussion

In his statement, Evgeny Gaevoy, the founder and CEO of Wintermute, said that the company is open to discussion. The hacker is thus invited to return the funds in exchange for a bounty.

In addition, Wintermute has an OTC brokerage business as well as a centralised finance (CeFi) custodial operation. According to the company, these two operations were not affected by the hack. Furthermore, Wintermute is reportedly solvent for an amount up to twice the stolen sum.

Regarding the hack itself, the $160 million stolen would place it in the 7th spot among the biggest attacks in decentralised finance (DeFi).

According to observations by SlowMist, a blockchain security specialist, the attacker appears to have started putting the stolen funds to work on protocols like Curve (CRV):

After this call for discussion, it will now be a question of whether he chooses the white hat route, or prefers to continue generating returns with stolen money.
