Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident

Crypto Trading Firm Wintermute

In what’s the latest crypto heist to target the decentralized
finance (DeFi) space, hackers have stolen digital assets worth
around $160 million from crypto trading firm Wintermute.

The hack involved a series of unauthorized transactions that
transferred USD Coin, Binance USD, Tether USD, Wrapped ETH, and 66
other cryptocurrencies to the attacker’s wallet[1].

The company said that its centralized finance (CeFi) and
over-the-counter (OTC) operations have not been impacted by the
security incident. It did not disclose when the hack took
place.

CyberSecurity

The digital asset market maker, which provides liquidity to more
several exchanges and crypto platforms, warned of disruption to its
services in the coming days, but stressed that it’s “solvent with
twice over that amount in equity left.”

“We are (still) open to treat[ing] this as a white hat, so if
you are the attacker – get in touch,” the company’s founder and
CEO, Evgeny Gaevoy, said[2]
in a tweet.

Details surrounding the exact exploit method used to perpetuate
the hack is unknown at the moment, although Gaevoy said the attack
was likely caused by a “Profanity-type exploit” in its trading
wallet.

Wintermute further acknowledged it did use Profanity[3], an Ethereum vanity
address generation software, alongside an in-house tool to generate
addresses with many zeros in front as recently as June.

The open-source project is currently abandoned by its anonymous
maintainer, who goes by the moniker johguse, citing “fundamental
security issues in the generation of private keys.”

Profanity, incidentally, also came under spotlight last week
after decentralized exchange (DEX) aggregator 1inch Network
disclosed[4]
a vulnerability that could be abused to recompute the private
wallet keys from addresses created using the utility.

CyberSecurity

Subsequently, the attack vector was exploited by malicious
actors to drain $3.3 million[5]
from Ethereum addresses made with Profanity on September 16,
2022.

The Wintermute breach is the latest attack[6]
on DeFi protocols, including that of Axie Infinity, Harmony Horizon
Bridge, Nomad, and Curve.Finance[7]
in the past few months. Some of these thefts have been attributed
to the North Korea-backed Lazarus Group[8].

References

  1. ^
    attacker’s wallet
    (etherscan.io)
  2. ^
    said
    (twitter.com)
  3. ^
    Profanity
    (github.com)
  4. ^
    disclosed
    (blog.1inch.io)
  5. ^
    drain
    $3.3 million
    (www.theblock.co)
  6. ^
    latest
    attack
    (thehackernews.com)
  7. ^
    Curve.Finance
    (www.coindesk.com)
  8. ^
    Lazarus
    Group
    (thehackernews.com)

Read more

Leave a Reply