On the topic of the latest hacks, Wintermute- the crypto trading firm responsible for providing crypto-based financial services, has joined the list of establishments in the DeFi space ravaged by cybercrime.
The CEO, Evgeny Gaevoy, announced on Tuesday via his Twitter page that the hack had targeted their decentralized finance operations, resulting in losses worth $160M. This is the second incident involving the firm over the past few months.
DeFi hacks have contributed to a more significant percentage of cyber exploits in the crypto industry this year. While the crypto market suffered a staggering loss of $1.9 billion, decentralized finance protocols bore the weight of the brunt, coming to a collective deficit of $1.6 billion from crypto hacks.
Some of the biggest thefts include the Axie Infinity’s Ronin bridge exploit worth $650 million, the Wormhole communications bridge for DeFi blockchains worth $320 million, and the attack on Beanstalks Farm’s governance valued at $180 million.
Most of the attacks have been traced back to Lazarus Group, a cyber actor associated with North Korea. While the FBI has released statements warning investors and firms to stay vigilant, hackers seem to find new ways to gain access.
Probable Source of Attack, Profanity
Wintermute provides liquidity across significant cryptocurrency exchanges and manages “millions of assets” in the global crypto market.
Here’s everything to know about the attack–
Attack vector
The attack concerned our wallet used for DeFi proprietary trading operations, separate from the company’s CeFi and OTC operations. Internal and counterparty data were not affected.
Attack source
The source of the attack most likely had to do with the use of Profanity, a vanity wallet address generator. It has been reported five days before having a vulnerability. Profanity is a tool used to generate addresses with many zeros in front.
Wintermute explained that Profanity was used for gas optimization and no longer using the generator as of June. They were aware of the vulnerability, but an internal human error caused their router to be blacklisted rather than the operator.
Wintermute Assures Lenders of Its Solvency
As expected, the news drew concerns from parties involved, like M11 Credit, who promptly got in touch with the Wintermute team.
The CEO quickly assured users that the firm was still solvent, and lenders were not worried about the possibility of a significant sell-off.
“We are solvent with twice over that amount in equity left. If you have a MM agreement with Wintermute, your funds are safe,” Evgeny Gaevoy explained. “If you are a lender to Wintermute, again, we are solvent, but if you feel safer recalling the loan, we can do that.”
10% Offered Bounty to the Hacker
Evgeny Gaevoy stated that Wintermute would treat the hack as a white hat, giving the attacker grace to turn themselves in. The firm has also offered a 10% bounty on funds taken to the Hacker, asking to return the balance to the wallet address they made public.
However, to speed up damage control, an injunction had been set. The exploiter has been given one day to return funds, or Wintermute would be forced to take legal action.
“If the stolen funds are not returned by the deadline, you will force us to remove our bounty offer and white-hat label; we will proceed accordingly with the appropriate authorities and avenues.”
