Wintermute team member suspected of hacking for $160 million
Researcher James Edwards came to this conclusion by analyzing the smart contract code
27.09.2022 - 12:15
What’s new? Cybersecurity expert James Edwards, known by the nickname Librehash, claims that the $160 million hack of market maker Wintermute’s DeFi protocol is an “inside job.” The researcher came to the conclusion that the exploit was carried out by an employee of the project by analyzing the smart contract code. According to Edwards, “the relevant transactions initiated by the EOA [externally owned address] make it clear that the hacker was likely an internal member of the Wintermute team.”
What else did Edwards report? The expert suggests that the EOA that made the request for Wintermute’s compromised smart contract was itself compromised through the team’s use of “a faulty online vanity address generator tool.”
Edwards said the attacker recovered the private key to the compromised EOA, noting that this could only be done with admin access.
The researcher also discovered a transfer of 13.48 million USDT from Wintermute to the 0x0248 address, allegedly created and controlled by the hacker. Edwards drew attention to Etherscan’s transaction history, allegedly showing that Wintermute had transferred these funds from two different exchanges to address a compromised smart contract.
7/ That concludes my breakdown of the Wintermute smart contract 'hack' and why I've come to the conclusion that this was the product of an inside job rather than an outside attacker exploiting an EOA with a weak private key due to the use of a faulty vanity addy generator tool— James Edwards (@librehash) September 26, 2022
Edwards’ theory has not yet been confirmed by other blockchain security experts, although there is talk in the crypto community that the project’s employees may have been involved in the hack.
The fact that @wintermute_t used the profanity wallet generator and kept millions in that hot wallet is negligence or an inside job. To make things worse the vulnerability in profanity tool was disclosed a couple of days ago.— Rotex Hawk 🦇🔊 (@Rotexhawk) September 21, 2022
What do the project’s representatives say about the hack? Evgeny Gaevoy, the co-founder of Wintermute, noted that centralized finance (CeFi) protocols and over-the-counter (OTC) operations were not affected. According to him, all user funds are safe. Gaevoy also pointed out that the company has twice the amount stolen by hackers, so Wintermute remains “solvent.”
What is known about Wintermute? The cryptocurrency project was founded in 2017. The company positions itself as “a new generation algorithmic trading firm.” It provides liquidity to other companies and has its own digital asset exchange.
Earlier, analysts at cybersecurity firm PeckShield reported that hackers stole more than $446 million worth of cryptocurrency in three summer months through hacks. In August, the loss from 18 attacks on crypto platforms totaled $208.5 million. In July, hackers carried out 12 hacks worth $10.2 million, and in June, attackers withdrew $227.76 million during 21 attacks.