Wintermute Suffers $160 million Hack
Wintermute (wintermute.com), a premier market-making and OTC firm in the crypto space, was hacked for roughly $160 million dollars worth of assets in the early hours of Tuesday morning. The suspected attack vector is the Profanity vanity wallet address generator that 1inch contributors identified vulnerabilities that would allow for a bad actor to acquire the private keys of any address created with the Profanity application. At the time of disclosure, only a few addresses had been compromised and Wintermute moved successfully moved all assets from that address. However, they failed to remove the address as an admin from their vault. This allowed the attacker to use their access to the wallet to authorize transactions that drained the vault. The CEO of Wintermute, Evgeny Gaevoy, stated that the company is still solvent and that Cefi and OTC operations shouldn’t be affected; however, there will be a pause in on-chain MM’ing services for the next few days.
Wintermute was also the subject of another hack earlier in the year. In June, the Optimism foundation contracted Wintermute to conduct on-chain market making operations upon the launch of their new token. After confirming 2 test transactions with Wintermute, the foundation sent over 20 million OP tokens to their address on the Optimism chain. A hacker realized that Wintermute had not deployed multisig on the Optimism chain and deployed it themselves taking control of the 20 million OP tokens. Wintermute committed to buying back all sold tokens and offered a consulting role to the hacker. The hacker sold 1 million tokens, sent 1 million to Vitalik’s address and kept an additional million before returning the rest.
Thanks for reading Bastion’s Research! Subscribe for free to receive new posts and support my work.
Not financial or tax advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. Do your own research.
1inch identifies vulnerability. https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c