Bastion’s Research

Share this post

Wintermute Suffers $160 million Hack

bastion.substack.com

Wintermute Suffers $160 million Hack

Bastion Capital Partners
Sep 20, 2022
Share

Wintermute (wintermute.com), a premier market-making and OTC firm in the crypto space, was hacked for roughly $160 million dollars worth of assets in the early hours of Tuesday morning. The suspected attack vector is the Profanity vanity wallet address generator that 1inch contributors identified vulnerabilities that would allow for a bad actor to acquire the private keys of any address created with the Profanity application

1
. At the time of disclosure, only a few addresses had been compromised and Wintermute moved successfully moved all assets from that address. However, they failed to remove the address as an admin from their vault
2
. This allowed the attacker to use their access to the wallet to authorize transactions that drained the vault. The CEO of Wintermute, Evgeny Gaevoy, stated that the company is still solvent and that Cefi and OTC operations shouldn’t be affected; however, there will be a pause in on-chain MM’ing services for the next few days.

Twitter avatar for @EvgenyGaevoy
wishful cynic @EvgenyGaevoy
Short communication on the ongoing Wintermute hack
8:03 AM ∙ Sep 20, 2022
1,392Likes355Retweets

Wintermute was also the subject of another hack earlier in the year. In June, the Optimism foundation contracted Wintermute to conduct on-chain market making operations upon the launch of their new token. After confirming 2 test transactions with Wintermute, the foundation sent over 20 million OP tokens to their address on the Optimism chain

3
. A hacker realized that Wintermute had not deployed multisig on the Optimism chain and deployed it themselves taking control of the 20 million OP tokens. Wintermute committed to buying back all sold tokens and offered a consulting role to the hacker. The hacker sold 1 million tokens, sent 1 million to Vitalik’s address and kept an additional million before returning the rest.

Thanks for reading Bastion’s Research! Subscribe for free to receive new posts and support my work.

Not financial or tax advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. Do your own research.

1

1inch identifies vulnerability. https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c

2

https://mudit.blog/wintermute-muted-in-crypto-winter/

3
Twitter avatar for @optimismFND
Optimism (✨🔴_🔴✨) @optimismFND
Hey folks--in the interest of transparency, we'd like to share some details about an ongoing situation: optimism.io/wintermute-tra… Summary below 🧵👇
optimism.ioWintermute Transparency UpdateA Message to the Community from the Optimism Foundation
8:21 PM ∙ Jun 8, 2022
1,664Likes450Retweets

Share
Top
New

No posts

Ready for more?

© 2023 Bastion Capital Partners
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing