Digital asset algorithmic market maker, Wintermute, sufferred an exploit relating to its decentralized finance (DeFi) operation, that resulted in a loss for approximately $160 million.
Another day, another DeFi attack. The crypto market has been enduring several exploits over the last few years. However, the DeFi market has been especially vulnerable to such attacks, losing over a billion dollars in the past couple of months. According to a recent public service announcement from the FBI, cyber criminals have embezzeled more than $1 billion in cryptocurrency assets from decentralized finance platforms in a three-month time span.
The Exploit Happened Though DeFi Operations
We’ve been hacked for about $160M in our defi operations. Cefi and OTC operations are not affected
— wishful cynic (@EvgenyGaevoy) September 20, 2022
In another such unfortunate incident, a leading algorithmic trading firm, Wintermute, has witnessed a major hack for $160 million through its DeFi operations. However, the firm’s lending and over-the-counter (OTC) services are safe. Wintermute CEO, Evgeny Gaevoy, took to Twitter to confirm the exploit emphasizing that the firm continues to remain solvent. He wrote,
“We’ve been hacked for about $160M in our defi operations. Cefi and OTC operations are not affected.”
Gaevoy added that there will be a slight disruption in its service over the next few days but the company will do its best to resolve the situation at the earliest. He further explained that 90 different assets were stolen with only two of the hits were worth between $1 million and $2.5 million. The takings from the remaining 88 were worth under $1 million each.
Gaevoy wrote that the company is still treating the hack as a “white hat” event and asked the hacker to get in touch. The hacker’s wallet has been tracked down by crypto scam buster, ZachXBT. The wallet currently holds around $9 million in ETH and $38 million in other erc-20 tokens. As per Zapper data, around 70% of the funds have been deposited to Curve Finance’s tricrypto pool, a popular move among hackers.
Attackers address for anyone curious:
0xe74b28c2eAe8679e3cCc3a94d5d0dE83CCB84705 pic.twitter.com/mzvDcwp1ye
— ZachXBT (@zachxbt) September 20, 2022
The Attack was a Hot Wallet Compromise
Meanwhile, according to Polygon’s chief information security officer, Mudit Gupta, Wintermute had recently disclosed a, “Profanity bug”, which may have triggered the attack. He also suspected that the attack was, “a hot wallet compromise.” Gupta tweeted,
“I took a quick look and my best guess is that it was a hot wallet compromise due to the Profanity bug that was publicly disclosed a few weeks ago.”
Wintermute was hacked for ~160m a few hours ago.
I took a quick look and my best guess is that it was a hot wallet compromise due to the Profanity bug that was publicly disclosed a few weeks ago. pic.twitter.com/FQoUYYajUR
— Mudit Gupta (@Mudit__Gupta) September 20, 2022
In June 2022, Wintermute provided Optimism’s team with a wrong blockchain address resulting in a loss of around $15 million in OP governance tokens. Gaevoy took responsibility for allowing the theft, saying that “we made a serious error.”