Wintermute: Everything to know about the $160M exploit

U.K. based crypto market maker Wintermute became the victim of a hack earlier on 20 September. Wintermute CEO Evgeny Gaevoy informed users on Twitter about the exploit on the platform’s DeFi operations, which has led to a loss of about $160 million.

“If you have a MM agreement with Wintermute, your funds are safe. There will be a disruption in our services today and potentially for the next few days and will get back to normal after” Gaevoy warned users as his firm scrambled to get a grip on the situation. 

Data from Etherscan showed that the perpetrator made away with more than $61 million in USD Coin (USDC), $29.4 million worth of Tether (USDT), and 671 wrapped Bitcoin (wBTC) worth more than $13 million, among several other tokens worth millions of dollars. 

A word from the CEO

Evgeny Gaevoy has assured users that in spite of the massive exploit, the company had twice the amount lost, left in equity, putting to rest any concerns over solvency. As per his statement, Wintermute’s estimated remaining equity should be north of $320 million. 

The CEO added that a token sell-off was unlikely, given that the hack was spread over 90 assets, and the maximum concentration of the exploit on an asset did not exceed $2.5 million, with only two affected assets exploited to the tune of over $1 million. He also clarified that CeFi and OTC operations were not affected by the hack.

Gaevoy gave creditors of the Wintermute the option to “recall” loans if they had concerns about the liquidity or solvency of the company.

The CEO has not dismissed the possibility of the hack being the actions of white hat hackers who often identify technical vulnerabilities in exchange for a bounty/ portion of the loot. Well, he has urged the attacker to “get in touch.”

Twitter’s response

Users on Twitter soon mobilized to gather whatever information they could regarding the hack. Popular on-chain sleuth @ZachXBT soon published the hacker’s wallet address, which showed $47.8 million in the wallet, while the remaining $114.3 million were stored on the Curve Protocol. 

Crypto enthusiasts on Twitter have come up with a theory behind the hack. Twitter user @0xtuba explained how Wintermute’s address had seven leading zeroes and described it as a “vanity address”. Such addresses are considered vulnerable.

The user cited fellow crypto influencer @K06a who had previously estimated that a brute force attack on such an address would be possible in 50 days using 1000 graphics processing units (GPUs). 

Given that such processing power was easily available to miners, users believe it is possible that since Ethereum has abandoned the proof-of-stake consensus model, miners have unutilized processing power that is now being used for malicious purposes.

Earlier this year in June, Wintermute took the fall for a “serious error” when it lost 20 million optimism governance tokens meant to facilitate Ethereum scaling solution Optimism’s airdrop. 

A technological lapse saw Wintermute trying to receive the loan in a wallet address that relied on Ethereum layer-1 multi-signature technology, while Optimism runs as a layer-2.

A hacker took advantage of said lapse and was able to transfer the 20 million tokens, although he/she was only able to liquidate about a million of them.