Wintermute market maker hacked this week!

Market maker Wintermute suffered an attack and lost nearly $160 million on Tuesday, making it the seventh-biggest decentralized finance (DeFi) hack.

$160 million stolen

The “Market Maker” Wintermute has just been the victim of a massive hack. CEO Evgeny Gaevoy reports that $160 million in cryptocurrency was stolen as a result of the company’s decentralized finance (DeFi) activity. CeFi (known as “centralised finance”) and OTC (Over The Counter) operations are not affected.

Founded in 2017, Wintermute is responsible for “providing liquidity to capital markets to ensure sufficient trading volume for investors to buy and sell tokens at reasonable prices,” the company said in its statement.

Market makers “offer offers to buy and sell and make money on the spread between the two, like a currency exchange kiosk.” The UK company currently works with around 50 of the biggest names in the industry. Recently, Wintermute even became the official market maker of the TRON ecosystem.

At the end of the attack, the hackers transferred part of the funds ($47.7 million) to a digital wallet. The rest of the stolen assets were sent to Curve Finance, a leading decentralized finance protocol. Based on the Ethereum blockchain, the platform provides liquidity to stablecoin holders to earn income.

A few hours after the incident, Wintermute returned to the circumstances of the hack. According to Evgeny Gaevoy, hackers exploited a security flaw in Profanity, an address generator on the Ethereum blockchain.

The tool allows users to customize their public addresses by choosing a defined prefix or suffix. These personalized addresses are called “personalized addresses”. Typically, addresses on the blockchain are randomly generated based on private keys.

Possible discussions to return the funds

The vulnerability was discovered days before the attack by 1Inch, another decentralized exchange that relies on Ethereum. The 1inch team discovered a bug in the custom address generation process. By exploiting the vulnerability, it is possible to find the private key of a digital wallet address, which is equivalent to a password or an access code. As a result, attackers were able to control funds stored in wallets without the knowledge of their owners.

1inch researchers explained that they were able to “guess” the private keys of a range of addresses through a simple brute force attack. The attack is carried out using the computing power of the graphics card. That’s exactly what happened when Wintermuth was attacked.

Apparently the market maker “used Profanity and internal tools to generate addresses”. The last custom address was in June 2022. When the Wintermute team heard of 1Inch’s findings, they accelerated the removal of Profanity addresses in order to move to more secure security scripts.

Unfortunately, human error led to flaws in the process. Although the funds were transferred to a more secure address, the old address still had permissions to sign the smart contract.

Wintermute founder and CEO Evgeny Gaevoy informed in his newsletter that the company is open to discussions. Therefore, the hackers are asked to return the funds in exchange for rewards.

As for the hack itself, the $160 million stolen would make it the 7th biggest hack in the ranking of decentralized finance (DeFi) attacks. Attackers have already started making funds work on protocols such as Curve (CRV), according to observations by blockchain security expert SlowMist.

The question now is whether hackers will go the white hat route, or will they continue to use the stolen money.

We wish to thank the author of this article for this remarkable web content

Wintermute market maker hacked this week!

Check out our social media profiles and other pages related to it.