The London, England-based cryptocurrency market maker Wintermute announced that it had become the target of a cyberattack in which hackers stole $160 million from its DeFi (decentralized finance) operation.
On Tuesday, the company confirmed that the hack was restricted to its DeFi operations and that its OTC (over the counter), lending, and CeFi services remained unaffected. However, its service may be disrupted for a day.
Wintermute, an algorithmic trading firm, was founded in 2017. Currently, it trades billions of dollars on both decentralized and centralized cryptocurrency trading platforms.
According to blockchain cybersecurity firm CertiK, a vulnerable private key generated by the Profanity vanity address generator is responsible for this attack. As per CertiK’s analysis, the vulnerability exploited by the attackers has been known since January.
Instead of leveraging a smart contract vulnerability, the attacker(s) used the leaked or brute-forced private key to obtain privileged access, which allowed them to specify that the “swap contract was the attacker-controlled contract.”
The Profanity vulnerability was disclosed by 1inch Network in a blog post published on September 13th; the company also warned about it on Twitter.
“Profanity is one of the most popular tools due to its high efficiency. Sadly, that could only mean that most of the Profanity wallets were secretly hacked.” (1inch Network)
Over $200 Million in DeFi Debt
The company reportedly has more than $200 million in outstanding DeFi debt. The largest debt, issued by TrueFi, is around $92 million in Tether (USDT) and is due to mature on 15 October 2022. Another lender is Maple Finance, to which Wintermute owes $75 million in USDC and wrapped ether. The company also owes $22.4 million to Clearpool.
In one of his tweets, the company’s creator and CEO Evgeny Gaevoy said:
“If you are a lender to Wintermute, again, we are solvent, but if you feel safer to recall the loan, we can absolutely do that. We are solvent with twice over that amount in equity left.”
Most of the debt issued is in stablecoins, but it is unclear whether the company’s mention of equity covers digital assets too.
Gaevoy explained that around 90 assets were targeted in the hack. Only two of them had a notional value of more than $1 million, and none had a notional value of over $2.5 million. Furthermore, Gaevoy insisted that customers who have market maker agreements with Wintermute should not worry.
“If you have a MM agreement with Wintermute, your funds are safe. There will be a disruption in our services today and potentially for the next few days and will get back to normal after.” (Evgeny Gaevoy)
It is worth noting that the company is treating the incident as a white hat event and has asked the attacker to contact it.
“Out of 90 assets that has been hacked only two have been for notional over $1 million (and none more than $2.5M), so there shouldn’t be a major selloff of any sort. We will communicate with both affected teams asap” — wishful cynic (@EvgenyGaevoy) September 20, 2022
Wintermute is just one of the many high-profile cryptocurrency firms that have become targets of hackers in 2022. Previously, blockchain bridge Wormhole suffered $320 million in losses, and Ronin Network suffered a whopping $600 million in losses.