Crypto Market Maker Wintermute Hackers Drain $160M, Profanity Bug Suspected

UK-based crypto market maker Wintermute suffered a loss of approximately $160 million.

In a series of tweets, the company’s founder and chief executive, Evgeny Gaevoy, revealed that the decentralized finance operations had been compromised. The centralized finance and over-the-counter verticals have not been affected.

• Blockchain security expert Certik recorded that $162,509,665 had been stolen over 13 transactions and speculated that the exploit could have resulted from a brute force attack on the Profanity wallet.
• The attacker took advantage of a leaked private key which they were able to utilize to set their malicious contract as the swap contract.
• Notably, the private key compromise stemmed from a vulnerability in the Profanity wallet reported last week by 1inch in a security disclosure report.
• After it was detected by the decentralized exchange aggregator, a hacker stole over $3 million worth of cryptocurrencies from several Ethereum addresses generated with the Profanity tool.
• Despite the hack, Gaevoy has assured that Wintermute, whose backers include Lightspeed Venture Partners, Pantera Capital, as well as Fidelity’s Avon, has “twice over that amount in equity left.”

“If you have a MM agreement with Wintermute, your funds are safe. There will be a disruption in our services today and potentially for the next few days and will get back to normal after. Out of 90 assets that have been hacked only two have been for notional over $1 million (and none more than $2.5M), so there shouldn’t be a major selloff of any sort. We will communicate with both affected teams asap.”

• Blockchain expert ZachXBT has managed to locate the hacker’s wallet, which held $13 million in Wrapped Bitcoin (WBTC), over $9 million worth of ETH, and $38 million in addition to other ERC-20 tokens as of Tuesday.
• Additionally, a significant chunk of the stolen funds – $114 million in USDC and USDT stablecoins – have been transferred to Curve Finance’s flagship 3Crv liquidity pool.
• Wintermute nor Gaevoy has revealed any further details of the hack. Whether law enforcement has been alerted is also not known.