Crypto: hackers exploited a flaw in an Ethereum tool to steal $160 million

Wintermute, a cryptocurrency “market maker”, was the victim of a large-scale hack. In a message posted on Twitter on September 20, 2022, Evgeny Gaevoy, CEO of the London-based company, announced the disappearance of $160 million of crypto-assets.

The executive clarifies that the hack only affected operations relating to decentralized finance. Traditional finance and OTC (Over The Counter) transactions are not affected. He further specifies that Wintermute remains solvent. The firm is committed to resuming its normal activities in the coming days. Wintermute stresses that the rest of the funds in its possession are safe.

Wintermute is one of the industry’s leading market makers. The firm provides liquidity to exchange platforms, decentralized or centralized, such as Binance or Coinbase. The British company is currently collaborating with around fifty big names in the industry. Recently, Wintermute even became the official market maker of the TRON ecosystem.

At the end of the attack, the hackers transferred part of the funds ($47.7 million) to a digital wallet. The rest of the stolen assets were sent to Curve Finance, an important decentralized finance protocol. The platform, based on the Ethereum blockchain, lets stablecoin holders provide liquidity in exchange for income.


A flaw in an Ethereum address generator

A few hours after the events, Wintermute returned to the circumstances of the attack. According to Evgeny Gaevoy, the hackers exploited a security flaw in Profanity, an address generator for the Ethereum blockchain. The tool allows users to customize their public address by choosing a defined prefix or suffix. These personalized addresses are called “vanity addresses”. Ordinarily, addresses on the blockchain are derived from the private key and are effectively random.

The flaw was identified a few days before the attack by 1inch, another decentralized exchange that relies on Ethereum. 1inch's teams discovered a vulnerability in the process of generating a personalized address. By exploiting the flaw, it is possible to recover the private key, the equivalent of a password or an access code, for the address of a digital wallet. In practice, an attacker can take control of the funds stored in a wallet without the knowledge of its owner.

The 1inch researchers explain that they were able to “guess” the private keys of a series of addresses thanks to a simple brute force attack. The attack was carried out using the computing power of a graphics card. This is reportedly exactly what happened during the attack on Wintermute.

Apparently, the market maker used Profanity and an internal tool to generate addresses. The last custom addresses date from June 2022. When the Wintermute teams heard about 1inch’s discovery, they accelerated the removal of Profanity addresses to move to a more secure build script.

Unfortunately, human error caused a flaw in the process. Although the funds were moved to a more secure address, the old address still had permissions to sign smart contracts.

“As advanced as our technologies are, most vulnerabilities come from human error”, explains Evgeny Gaevoy.
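The gap described above (funds migrated, but the old address still authorised on contracts) is the kind of thing a post-migration audit can catch. The following is an added example, not Wintermute's code or tooling: it replays a constructed log of role grant and revoke events and reports any retired address that still holds a role. The event layout, contract names, role name and addresses are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed placeholder addresses (not real accounts).
OLD_VANITY = "0x" + "0" * 37 + "aaa"   # retired, generated with the weak tool
NEW_SIGNER = "0x" + "1" * 37 + "bbb"   # replacement signer
# Retired list kept in mixed case on purpose: hex addresses compare
# case-insensitively, so the audit must normalise before matching.
RETIRED = {"0x" + "0" * 37 + "AAA"}

# Constructed event log: (block, log_index, contract, action, role, account).
EVENTS = [
    (100, 0, "vault",  "grant",  "OPERATOR", OLD_VANITY),
    (100, 1, "router", "grant",  "OPERATOR", OLD_VANITY),
    (250, 0, "vault",  "grant",  "OPERATOR", NEW_SIGNER),
    (250, 1, "router", "grant",  "OPERATOR", NEW_SIGNER),
    (251, 0, "router", "revoke", "OPERATOR", OLD_VANITY),
    # No revoke was ever sent for OLD_VANITY on "vault": the migration gap.
]

def current_roles(events):
    """Replay events in chain order; return {(contract, role): {accounts}}."""
    holders = defaultdict(set)
    for _block, _idx, contract, action, role, account in sorted(events):
        acct = account.lower()
        if action == "grant":
            holders[(contract, role)].add(acct)
        elif action == "revoke":
            holders[(contract, role)].discard(acct)
        else:
            raise ValueError(f"unknown action {action!r}")
    return holders

def stale_privileges(events, retired):
    """Return (contract, role, account) for retired accounts still authorised."""
    retired = {a.lower() for a in retired}
    findings = []
    for (contract, role), accounts in sorted(current_roles(events).items()):
        for acct in sorted(accounts & retired):
            findings.append((contract, role, acct))
    return findings

if __name__ == "__main__":
    for contract, role, acct in stale_privileges(EVENTS, RETIRED):
        print(f"STALE: {acct} still holds {role} on {contract}")
```

A migration is complete only when this report is empty for every retired address, not when the balance of the old address reaches zero.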

Ethereum addresses at the mercy of hackers

According to computer security expert ZachXBT, the vulnerability was exploited before the Wintermute hack. The flaw reportedly made it possible to divert over $3.3 million on September 16, 2022. Several addresses were siphoned off. The funds were transferred to a wallet held by an unknown hacker. For its part, 1inch claims that many addresses generated by Profanity have been hacked in this way. Hundreds of millions of dollars are currently at risk.

“Your money is not safe if your wallet address was generated with the Profanity tool. Transfer all your assets to another wallet as soon as possible!”, recommends 1inch.

Tal Be’ery, another cybersecurity expert, believes that 1inch indirectly pushed the hackers into launching their attack. On Twitter, the researcher suggests that attackers were trying to find as many private keys as possible when 1inch published its report. Pressed for time, the hackers then rushed to collect the cryptocurrencies stored in the already compromised wallets.

Before the Wintermute attack, johguse, the developer behind Profanity, had already advised Internet users not to use the open-source tool. On GitHub, he specifies that the project was discontinued a few years ago. No update will fix the flaw identified by 1inch. johguse recommends using another solution to generate personalized addresses.

Note that this flaw is not related to the functioning of the Ethereum blockchain. Although ETH addresses are at risk, the vulnerability was introduced by a third-party solution. The recent Ethereum update, and the move to Proof of Stake, has nothing to do with the Wintermute hack.

To recover the funds stolen during the hack, Evgeny Gaevoy offered the hackers a 10% bounty. If the stolen funds are returned, Wintermute will offer the equivalent of $16 million in cryptocurrency. The CEO clarifies that the company will not be laying off any employees, changing its strategy, raising additional funds, or shutting down its decentralized finance activities. Despite this setback, the firm remains faithful to its roadmap.

Yet another decentralized finance hack

This is far from the first hack to hit the crypto ecosystem. Last month, cBridge, the bridge of Celer Network, was hacked. The attackers walked away with $240,000. There were also the Nomad hack, which resulted in the theft of $190 million, Ronin ($624 million), Poly Network ($611 million) and Wormhole ($326 million).

According to a study by Chainalysis, a specialist in blockchain analysis, hacks increased by 60% between January and July 2022 compared to the same period in 2021. By exploiting loopholes, criminals seized $1.9 billion in crypto-assets in six months.

Source: The Block
