Wintermute, a UK-based cryptocurrency market maker, became the latest victim of decentralized finance (DeFi) hacks, losing an estimated $160 million, according to Evgeny Gaevoy, founder and CEO of the company.
Short communication on the ongoing Wintermute hack
— wishful cynic (@EvgenyGaevoy) September 20, 2022
According to Etherscan, more than 70 different tokens have been transferred to the “Wintermute attacker”, including $61,350,986 in USD Coin (USDC), 671 Wrapped Bitcoin (wBTC), which is equivalent to approximately $13,030,061, and $29,461,533 in Tether (USDT). The largest sum of tokens appears to be USDC.
The company’s OTC and centralized operations were not affected as the hacker(s) drained funds from its DeFi operations. Gaevoy stated that the market maker is solvent and has double the stolen amount left in capital, underlining that user funds are safe.
Wintermute is an algorithmic market maker that works with digital assets such as cryptocurrencies. The group is a UK registered company, located in Cheshire, and regulated by the Financial Conduct Authority. According to the Commercial Registry, Evgeny Gaevoy is a director with “more than 25%, but not more than 50%” of the shares.
According to Ajay Dhingra, head of research and analysis at Unizen, “The nature of the exploit suggests that the Wintermute hot wallet was compromised.” Dhingra told Cointelegraph that “The attacker cleverly manipulated the bug in the smart contract.”
“This incident puts the focus back on increasing security around smart contracts, which is uncharted territory for now.”
In the brief thread of tweets, Gaevoy, a Dutch national, He suggested that theft could be treated as a white hat hack. The attacker could contact Wintermute to share the discovered vulnerabilities and prevent similar hacks from happening in the future.
White hat hacks are common in the cryptocurrency space. Exchanges, market makers, and sometimes companies reward hackers in the form of money or jobs. As the Wintermute attacker’s Ether (ETH) address is public, the address has been spammed by crypto enthusiasts, with messages like “please return the funds. I’m very poor. Even $5,000 would be amazing.”
People spamming the wintermute exploiter
Always fun going through these messages pic.twitter.com/a8ZSoQKFT1— Paul (@Frapees) September 20, 2022
Cointelegraph has contacted Wintermute for a response and will update this note when possible.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the full amount invested may be lost. The services or products offered are not aimed at or accessible to investors in Spain.