• Wintermute Hackers Drain $160 Million, Profanity Bug Suspected

  • Wintermute is treating the hack as a “white hat” incident and has asked the attacker to get in touch.

    Wintermute, a crypto market maker based in the United Kingdom, lost around $160 million.

    Evgeny Gaevoy, the company’s founder and CEO, stated in a series of tweets that the company’s decentralized finance operations had been compromised. Centralized finance and over-the-counter trading are unaffected.

    Certik, a blockchain security specialist, said that $162,509,665 had been stolen over 13 transactions and theorized that the exploit could have been the consequence of a brute-force attack on the Profanity wallet.

    The attacker took advantage of a leaked private key and used it to configure their malicious contract as the swap contract.

    Notably, the private key compromise was caused by a vulnerability in the Profanity wallet, which 1inch disclosed in a security report last week.

    After the decentralized exchange aggregator discovered the vulnerability, a hacker stole over $3 million in bitcoins from numerous Ethereum addresses generated with the Profanity tool.

    Despite the hack, Gaevoy has told Wintermute’s backers, who include Lightspeed Venture Partners, Pantera Capital, and Fidelity’s Avon, that the company has “double that amount in equity left.”

    “If you have a MM agreement with Wintermute, your funds are safe. There will be a disruption in our services today and potentially for the next few days and will get back to normal after. Out of 90 assets that have been hacked only two have been for notional over $1 million (and none more than $2.5M), so there shouldn’t be a major selloff of any sort. We will communicate with both affected teams asap.”

    As of Tuesday, blockchain specialist ZachXBT had located the hacker’s wallet, which had $13 million in Wrapped Bitcoin (WBTC), over $9 million in ETH, and $38 million in addition to various ERC-20 tokens.

    A major portion of the stolen funds - $114 million in USDC and USDT stablecoins - has also been transferred to Curve Finance’s flagship 3Crv liquidity pool.

    Neither Wintermute nor Gaevoy has released any additional information about the hack. It is also unknown whether law enforcement has been notified.
