Wintermute Loses 160 Million USD in Major Defi Hack

Major liquidity provider Wintermute has become the latest cryptocurrency firm to suffer a security breach in recent months. 

Attack to Be Treated as a “White Hat” Hack

Earlier this morning, CEO of Wintermute Evgeny Gaevoy took to Twitter to share the news. In a series of tweets, Gaevoy explained that only their DeFi protocols had been affected. Their CeFi and OTC activities remain up and running. About 90 assets were compromised, with a little over 160 million USD siphoned off in 13 transactions. 

Upon further review, blockchain security firm Cerik determined that the hack had most likely resulted from a breach in the Profanity Wallet. Profanity is a tool used to generate random wallet addresses. While it is useful for quickly creating a lot of user wallets, these addresses become increasingly easier to breach over time. Interestingly, DeFi exchange aggregator, 1Inch, discovered and reported this flaw a week prior to the hack. 

The hacker then went on to loot a further 3.3 million USD from compromised Ethereum wallets generated using the Profanity tool. 

A Twitter blockchain expert located the hacker’s wallet address mere hours later. The wallet showed that the hacker had already transferred well over half the stolen funds into the Curve liquidity pool. 

Wintermute CEO Assuages Fears

Despite the severity of the situation, CEO Gaevoy assured users that the hack would not cripple the company’s operations. According to Gaevoy, Wintermute still has well over the stolen amount left in equity. The chief executive explained that the funds of any parties that had a material agreement with the company remained intact. 

The CEO then added that users could choose to recall their loans if they felt uncomfortable with the company’s position. 

Finally, Gaevoy stated that Wintermute would treat the breach as an ethical hack, and encouraged the hacker to contact them. 

Bitcoin live price
price change

Wintermute joins Nomad, Harmony, and Crema Finance on the ever-lengthening list of crypto firms that have seen hacks this year. In mid-August, CNBC reported that hackers had stolen nearly 2 billion USD in 2022 alone.

Stay up to date with our latest articles