Crypto Market Maker Wintermute Loses $160 Million to Hackers

MakeUseOf

By Katie Rees

Published Sep 21, 2022

U.K-based cryptocurrency market maker Wintermute has lost over $160 million via a hack, according to the company's CEO.

The CEO of Wintermute, a popular crypto market maker, has announced that the platform has lost $162.2 million dollars via a huge hack. Various kinds of cryptocurrency funds were stolen in this attack.

Wintermute CEO Reveals Massive Losses via Hacking

On September 20, 2022, the CEO of Wintermute, Evgeny Gaevoy, tweeted that his company had suffered a huge financial loss via a recent hack. Under the original tweet (shown below), Gaevoy stated that Wintermute was "hacked for about $160m in defi operations", but reassured users that their funds are safe.

Wintermute provides over fifty crypto-based services with liquidity, particularly exchanges like Binance, Kraken, and UniSwap. It is currently one of the most popular algorithmic market makers in the industry, dealing with billions of dollars in digital assets on a daily basis.

It is thought that a well-known private key vulnerability was exploited to steal funds within this attack. The vulnerability, which exists within the code of the Profanity app, was used to target addresses associated with the software. Wintermute made the move to blacklist its Profanity DeFi accounts prior to the hack, but missed one account in the process due to human error, which was then targeted.

Gaevoy stated in the aforementioned Twitter thread that Wintermute will treat this as a white-hat hack due to the exploitation of this vulnerability. This means that the hacker will not be legally prosecuted for the theft if they return the stolen funds in exchange for a reward.

Various Were Cryptos Stolen in the Attack

person holding laptop displaying "you've been hacked" on screen

In the Wintermute hack, over 70 kinds of crypto were stolen, including popular stablecoins USD Coin (USDC) and Tether (USDT). Over $60 million in USD Coin was stolen in the attack, as well as almost $30 million in Tether.

These funds were transferred to the hacker's wallet, which already holds huge amounts of Ethereum and other ERC-20 tokens. The hacker has also moved a large portion of the stolen funds to a liquidity pool, making them that much harder to keep track of and retrieve.

Large Hacks Are Nothing New in the Crypto Industry

Wintermute is not the first large crypto firm to suffer a hack over the past few years. Many platforms, including liquidity providers, exchanges, and other DeFi services have lost huge amounts of crypto via remote attacks through 2021 and 2022.

Take Crypto.com, for example. This huge crypto exchange suffered a hack in January 2022, wherein $35 million was stolen. Another big player in the industry, Fei Procotol, lost $80 million via a bug exploitation in June of the same year. Billions in crypto have been stolen over the past decade, with more hacks being successfully executed every month.

Wintermute's Stolen Funds Remain at Large

Though Wintermute has offered the party responsible for the hack a reward for its return, it is not known whether the malicious actor will take the company up on this offer. At the time of writing, the $162.2 million stolen from Wintermute remains lost. Only time will tell whether a compromise can be reached with the hacker.