Wintermute was attacked by a 160 million dollar hack that exploited a well-known vulnerability
Wintermute was attacked by a 160 million dollar hack that exploited a well-known vulnerability
- An error in the vanity address generator Profanity is suspected as an attack vector, say security experts
- stablecoins, the vast majority of funds, were deposited with Curve Finance to probably escape a black list
The liquidity provider Wintermute, which provides liquidity on most CEFI and defi exchanges, suffered a difficult setback this year in a second security incident.
CEO Evgeny Gaevoy revealed in A Twitter-thread Financial operations (Defi) came across a violation of $ 160 million. The CEFI operation and the company's out-of-the-counter services are not affected, he said.
gaevoy stated that Wintermute remained solvent after the hack and has $ 320 million in equity. Users must expect disorders to be faced with disorders in the next few days until the operation runs normal again.
The CEO said that the company was "open" to treat the situation as a white hat, and referred to hackers who only test weaknesses in a system compared to malicious hackers. It is not known whether this is the intention of the hacker.
We are (still) open to treat this as a white hat, i.e. if you are the attacker - contact us
- Wish cyniker (@evgenygaevoy) 20. September 2022
Wintermute is one of the largest crypto liquidity providers who are committed to crypto market make-up for stock exchanges such as Binance and Coinbase. The second time marks the second time that the company was involved in a hack this year. In June, a hacker stole 20 million optimism tokens by using a failed transaction with Wintermute.
Security experts point to a known mistake as a winter mute hack vector
Mudit Guppa, Chief Security Officer at Polygon, suspected in a tweet Hot-Wallet compromise was Last WEEK OF THE 1 TIME ACTIONS. 1inch had warned that the Wallet addresses generated with the profanity tool could be compromised.
"If you have used Profanity to get a Vanity Smart Contract address, make sure that you change the owners of this smart contract", 1inch employees wrote in a letter dated September 15 Blog entry .
The participants found that the popularity of Profanity does not mean that it was not error -free and that his weak point enabled hackers to "secretly" steal dozens of millions of dollars from the users' wall pockets.
"It is not an easy task, but at this point it looks like tens of million dollars in cryptocurrency could be stolen, if not hundreds of millions," said the post.