
Is Wintermute’s $160M exploit an inside job? This sleuth says…


One crypto-sleuth has claimed that the $160 million hack on algorithmic market maker Wintermute last week was an “inside job.” Needless to say, this has now sparked a brand-new crypto-conspiracy theory across crypto-circles. 

On September 20, a hacker used a flaw in a Wintermute smart contract to steal over 70 different tokens, including $61.4 million in USD Coin (USDC), $29.5 million in Tether (USDT), and 671 Wrapped Bitcoin (wBTC), which was then valued at about $13 million.

Wintermute’s CEO Evgeny Gaevoy acknowledged on Twitter that its Decentralized Finance (DeFi) activities were being hampered by an “ongoing attack.” However, he added that its centralized finance and over-the-counter trading operations were untouched.

An inside job?

The sleuth – Librehash – claimed that the hack was carried out by an internal party because of how Wintermute’s smart contracts were interacted with and ultimately abused. He said,

“The relevant transactions initiated by the EOA [externally owned address] make it clear that the hacker was likely an internal member of the Wintermute team.”

Here, it’s worth pointing out that James Edwards, the author of the analysis, is a lesser-known cybersecurity researcher/analyst, and this research is his first publication on Medium. Neither Wintermute nor any other cybersecurity specialists have responded to it yet.

According to Edwards’ assertion in the essay, the EOA “that made the call on the ‘compromised’ Wintermute smart contract was itself compromised by the team’s usage of a defective internet vanity address creation service.”

Edwards continued by claiming that the Wintermute smart contract in question does not have any “uploaded, validated code.” This makes it harder for the general public to verify the current external hacker theory and raises questions about transparency.

“This, in itself, is an issue in terms of transparency on behalf of the project. One would expect any smart contract responsible for the management of user/customer funds that’s been deployed onto a blockchain to be publicly verified to allow the general public an opportunity to examine and audit the unflattened Solidity code.”

Questions on specific transfers

He also challenged a specific transfer that took place during the attack, noting that it “shows the transfer of 13.48M USDT from the Wintermute smart contract address to the 0x0248 smart contract (allegedly created and managed by the Wintermute hacker).”

To address a corrupted smart contract, Wintermute allegedly transferred more than $13 million in Tether USD (USDT) from two distinct exchanges, according to the transaction history highlighted by Edwards on Etherscan.

“Why would the team send $13 million worth of funds to a smart contract they *knew* was compromised? From TWO different exchanges?” he questioned.

A ‘White-Hat’ operation? 

Commenting on the hack, CEO Gaevoy said, “There will be a disruption in our services today and potentially for the next few days and will get back to normal after.”

The company, which offers liquidity in the crypto-coin realm and transacts billions of dollars a day, is still financially healthy, he continued. It has “double that amount in equity left” and monies for customers with Wintermute market maker agreements are safe, the exec added. 

Wintermute is treating the attack as a “white hat” operation. This implies that if the attacker contacts the business, the company is willing to drop the charges and may even agree to let the thief keep some of the money they took in exchange for returning the remainder.


Saman Waris works as a News Editor at AMBCrypto. She has always been fascinated by how the tides of finance and technology shape communities across demographics. Cryptocurrencies are of particular interest to Saman, with much of her writing centered around understanding how ideas like Momentum and Greater Fool theories apply to altcoins, specifically, memecoins. A graduate in history, Saman worked the sports beat before diving into crypto. Prior to joining AMBCrypto 2 years ago, Saman was a News Editor at Sportskeeda. This was preceded by her stint as Editor-in-Chief at EssentiallySports.