Inside Wintermute’s $160M hack. What happened?


While the common folks were waking up to a bright new day, the team at Wintermute was waking up to a black Tuesday. At approximately 5:11 AM UTC, the Wintermute team got hacked for ~$160M. Only two of the 90 assets hacked were worth more than $1 million (and none were worth more than $2.5 million), so there should be no major selloff.

Wintermute is a global algorithmic market maker specializing in digital assets. They build liquid and efficient markets on centralized and decentralized trading platforms, as well as off-exchange. They are also referred to as OG Market Makers and CeFi providers.

How did the hack happen?

A quick look on-chain reveals that Wintermute’s x0000… addresses were generated by a tool called “Profanity.” A critical flaw in this tool was recently disclosed by 1inch.

Profanity, according to 1inch, is a popular and “highly efficient” tool that allows users to generate millions of addresses per second. However, Profanity’s procedure for generating the addresses is not without flaws. It is vulnerable to attacks because it uses a faulty random number generator. 

So, the best guess is that the hack was a hot wallet compromise caused by the Profanity bug.

The hack was initiated from Wintermute’s hot wallet, which called their vault contract to transfer tokens to the hacker’s contract. The vault only allows admins to make these transfers, and Wintermute’s hot wallet is, as expected, an admin. As a result, the contracts functioned normally, but the admin address (a vanity address that begins with a string of zeroes) was compromised.
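The admin key here was a vanity address. As an added example (not Wintermute's or 1inch's code), this Python sketch audits an inventory of privileged addresses and flags vanity-looking ones so the tool that generated each key can be confirmed. The inventory, role names and 16-bit threshold are assumptions, and a flag means only that the address pattern is statistically unusual, not that Profanity produced it.

```python
import re

ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")
FLAG_BITS = 16  # assumed review threshold: a 1-in-65,536 pattern or rarer


def run_length(nibbles):
    """Length of the run of identical characters at the start of `nibbles`."""
    n = 1
    while n < len(nibbles) and nibbles[n] == nibbles[0]:
        n += 1
    return n


def vanity_bits(address):
    """Rarity, in bits, of the address's leading or trailing repeated-nibble run.

    After the first nibble, each further matching nibble has probability 1/16
    in a uniformly random address, so a run of n scores 4 * (n - 1) bits.
    """
    if not ADDRESS_RE.fullmatch(address):
        raise ValueError(f"not a 20-byte hex address: {address!r}")
    body = address[2:].lower()
    # Check the leading run, then the trailing run (via the reversed string).
    return max(4 * (run_length(s) - 1) for s in (body, body[::-1]))


def audit(inventory, threshold=FLAG_BITS):
    """Return (label, role, bits) for flagged keys, admin keys first."""
    hits = [(label, role, vanity_bits(addr)) for label, role, addr in inventory]
    hits = [h for h in hits if h[2] >= threshold]
    return sorted(hits, key=lambda h: (h[1] != "admin", -h[2]))


# Constructed inventory: labels, roles and addresses are made up for this example.
SAMPLE = [
    ("treasury-cold", "signer", "0x7b1e4c9d02af5863e1d4b7a09c3f6e2d58a1b4c7"),
    ("ops-deployer", "deployer", "0x" + "c4d2e6f8a1b3957d0e2f4a6b8c1d3e5f79" + "a" * 6),
    ("fee-collector", "signer", "0x" + "00" + "3f9a1c5e7b2d4f6081a3c5e7d9fb1b3d5f7e9a"),
    ("vault-admin-hot", "admin", "0x" + "0" * 7 + "9a3f1c27d5e8b46f0d1c3a7b9e2f4856d"),
]

if __name__ == "__main__":
    for label, role, bits in audit(SAMPLE):
        print(f"REVIEW {label} ({role}): pattern rarity ~{bits} bits, confirm how the key was generated")
```

Any flagged key with signing or admin rights is a candidate for rotation to a key generated from a cryptographically secure source.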

The attacker(s) had apparently discovered this flaw in a closed-source vault contract in the first place. To avoid blacklisting and circumvent Tether and Circle bans, they created a helper contract and deposited $110M in stablecoins in Curve Finance.

Is Wintermute at risk of Insolvency?

Wintermute claims that they are still solvent and healthy and that there is no reason to be concerned. They say that their CeFi and OTC operations are unaffected and that their remaining equity is twice the amount that was hacked.

If their word is any indication, it means that if you have an MM agreement with Wintermute, your funds are probably safe. There will be a disruption in their services today and possibly for the next few days, but they assure the public that everything will be back to normal soon. If you are a Wintermute lender and feel more comfortable recalling the loan, the CEO has assured the public that you can do so.

The team has issued an official report stating that they are willing to treat this as a white hat if the attacker(s) get in touch. It is also worth noting that Wintermute previously lost (and successfully recovered) 20 million $OP tokens in June of this year. So, if everything goes exactly as it did the last time, there’s a chance that this exploiter will also return the tokens.
