Crypto Market Maker Wintermute Becomes the Victim of a US$160 Million Theft
Crypto market maker Wintermute was hacked, and the thieves stole US$160 million from the company.
According to reports, Wintermute, a market-making firm, has been hacked for US$160 million in the latest eye-watering crypto heist. CEO Evgeny Gaevoy announced on Twitter that the company was the victim of an ongoing hack that had drained funds from its DeFi operations. A transaction flagged as an exploit on the blockchain tracking service Etherscan revealed tens of millions of dollars in Dai stablecoin, USD Coin, Tether, Wrapped Ethereum, and other currencies transferred from the company to a wallet address labeled “Wintermute Exploiter.”
Market makers such as Wintermute play an important role in the cryptocurrency ecosystem by providing liquidity to exchanges and holding large amounts of various cryptocurrencies in reserve in order to instantly fulfill large buy or sell orders. Because these reserves must be accessed quickly, certain enhanced security procedures, such as storing funds in offline “cold storage” wallets, cannot be used, which poses a greater security risk. Wintermute, as one of the largest market-making firms, was an appealing target for hackers. The company is still solvent and has more than twice the value of the stolen funds in equity. Clients who had a market-making agreement with Wintermute would not lose money, but the service would be disrupted for a few days while the issue was resolved.
Though the exact method of attack is unknown, Blockworks reported that the attack could have been carried out by exploiting a recently discovered vulnerability in vanity wallet addresses generated by a tool called Profanity. Ethereum addresses are made up of 40 hexadecimal characters that are usually random, but tools exist that generate a large number of possible addresses until one that contains a specific desired sequence, such as a word or name, is found. Researchers from the decentralized exchange network 1inch published a blog post less than a week before the Wintermute hack detailing a vulnerability in the address generation method used by the Profanity tool, which meant that private wallet keys could be derived from addresses created using Profanity.
A hacker used the attack method to steal US$3.3 million from Ethereum addresses created using Profanity. Though it is unknown how many public addresses were generated by Profanity, the project’s GitHub repository has been forked hundreds of times. Wintermute is still hopeful that the funds will be recovered as the investigation continues. Gaevoy stated that the company was “open to” treating the hack as a white-hat event, which means that the hacker could receive a substantial reward for discovering a security vulnerability in the platform. Though it may appear unlikely, there is precedent for recovering even larger sums of money: in August 2021, a hacker who stole US$600 million in cryptocurrency from the Poly Network cross-chain bridge returned it to the targeted company.