Major crypto market maker Wintermute has become the latest decentralized finance (DeFi) hack victim, with the platform losing around $160 million to attackers. The company says that it remains solvent.
Bulk of the Stolen Funds Moved to Curve
Wintermute founder and CEO Evgeny Gaevoy revealed the hack incident in a tweet thread on Tuesday (September 20, 2022). According to Gaevoy, two out of the 90 different assets that were compromised “have been for notional over $1 million (and none more than $2.5 million),” with the executive assuring that there would be no major selloff.
Meanwhile, on-chain sleuth ZachXBT shared the hackers’ wallet address, which held nearly $163 million, with a screenshot revealing that the attackers had already moved $114 million to Curve Finance’s 3crv, leaving a balance of close to $48 million in the wallet.
According to Polygon’s chief security officer Mudit Gupta, the hacker compromised Wintermute’s hot wallet. This was likely because the wallet was generated using Profanity, a vanity address generating tool for Ethereum. Vanity addresses are human-readable addresses, and Profanity is a tool that can be used to generate them.
Recently, a bug was discovered in the Profanity tool. This bug rendered addresses generated by the tool vulnerable to hackers. Decentralized exchange aggregator 1inch previously issued a warning stating that funds in vanity addresses generated by Profanity were not safe, further revealing a vulnerability in the Ethereum vanity address generating tool.
Wintermute’s attacker likely leveraged this vulnerability to siphon funds from the address, according to Gupta’s findings.
“The attacker is likely a seasoned hacker/solidity developer. They created a helper contract, deposited stables into Curve to avoid blacklisting, and figured out this vulnerability in a closed sourced vault contract in the first place.”
Funds Are ‘Safu’
Although the funds were drained from the market maker’s DeFi operations, Gaevoy said that the hack incident did not affect Wintermute’s centralized finance (CeFi) and over-the-counter (OTC) operations.
Gaevoy in the tweet thread stated that the platform is solvent with more than two times the hacked amount ($160 million) left in equity. The CEO further assured lenders about the platform’s solvency, while stating that Wintermute will honor requests to recall any loans.
However, the Wintermute boss gave no further details, such as the time and nature of the attack, but said that the team was open to treating the incident as a “white hat,” encouraging the hackers to contact the firm.
The latest development comes a few months after an attacker stole 20 million Optimism (OP) tokens due to an error on Wintermute’s end. As previously reported by crypto.news, the hacker sold one million OP tokens, which were bought by Wintermute. One million OP coins were later sent to an address belonging to Ethereum co-founder Vitalik Buterin, while the hacker returned 17 million OP tokens to Optimism.