Researcher James Edwards came to this conclusion by analyzing the smart contract code

Wintermute team member suspected of hacking for $160 million

27.09.2022 - 12:15



What’s new? Cybersecurity expert James Edwards, known by the nickname Librehash, claims that the $160 million hack of market maker Wintermute’s DeFi protocol is an “inside job.” The researcher came to the conclusion that the exploit was carried out by an employee of the project by analyzing the smart contract code. According to Edwards, “the relevant transactions initiated by the EOA [externally owned address] make it clear that the hacker was likely an internal member of the Wintermute team.”

Librehash’s blog

What else did Edwards report? The expert suggests that the EOA that made the request for Wintermute’s compromised smart contract was itself compromised through the team’s use of “a faulty online vanity address generator tool.”

Edwards said the attacker recovered the private key to the compromised EOA, noting that this could only be done with admin access.

The researcher also discovered a transfer of 13.48 million USDT from Wintermute to the 0x0248 address, allegedly created and controlled by the hacker. Edwards drew attention to Etherscan’s transaction history, allegedly showing that Wintermute had transferred these funds from two different exchanges to the address of a compromised smart contract.

Edwards’ theory has not yet been confirmed by other blockchain security experts, although there is talk in the crypto community that the project’s employees may have been involved in the hack.

What do the project’s representatives say about the hack? Evgeny Gaevoy, the co-founder of Wintermute, noted that centralized finance (CeFi) protocols and over-the-counter (OTC) operations were not affected. According to him, all user funds are safe. Gaevoy also pointed out that the company has twice the amount stolen by hackers, so Wintermute remains “solvent.”

What is known about Wintermute? The cryptocurrency project was founded in 2017. The company positions itself as “a new generation algorithmic trading firm.” It provides liquidity to other companies and has its own digital asset exchange.

Earlier, analysts at cybersecurity firm Peckshield reported that hackers stole more than $446 million worth of cryptocurrency through hacks over the three summer months. In August, the loss from 18 attacks on crypto platforms totaled $208.5 million. In July, hackers carried out 12 hacks worth $10.2 million, and in June, attackers withdrew $227.76 million during 21 attacks.
