The Wintermute Hack Explained
Wintermute is a market maker and trading firm for both digital assets and cryptocurrencies. According to their website, they create liquid and efficient markets on centralized and decentralized trading platforms and off-exchange.
The liquidity provider, which trades billions of dollars daily, recently landed itself in hot water after a $160 million breach in its defi operations, which occurred on the 20th of September. Read on to learn more about the hack.
What Happened in the Wintermute Hack?
Founder and CEO Evgeny Gaevoy was aware of the breach within minutes, and made it public on Twitter an hour later, assuring users that the company was still solvent, and that their funds were safe, as there was still over $350 million in equity available to the company. He also let users know that they could recall any loans with Wintermute, should they feel safer doing so. He did not mention any theories for how the hack happened or who may have been behind it at the time.
Since then, during an investigation that is still ongoing, Gaevoy has explained that the breach was likely due to a service that Wintermute uses called Profanity. Cryptocurrency addresses are traditionally a 30-character long string of random letters and numbers. Profanity makes these addresses easier to deal with by creating “vanity addresses”, which work similarly like vanity license plates for your car. Profanity also lowers trading transaction costs for accounts using their addresses, which is the primary reason that the service was being used by Wintermute.
The problem arose when news broke of a security vulnerability within the code of Profanity. Essentially, anyone with enough computing power could generate all of the possible keys and passwords associated with Profanity addresses. They can use this to access the accounts, see how much money is held, and steal the assets.
When Wintermute caught wind of this vulnerability, their team went to work to “blacklist” any account using a Profanity address, in order to prevent them from being liquidated. The mishap occurred due to the “human error” of the Wintermute team, which failed to blacklist one of these ten accounts, which is likely where the $160 million was taken.
The Ethereum address involved in this hack held almost $13 million in Wrapped Bitcoin (WBTC), $9.3 million in Ethereum (ETH), and a myriad of other tokens. Most of the stolen funds, which totaled $114 in stablecoins, were moved to Curve Finance, likely to avoid getting blacklisted. Since these tokens now sit among the $869 million pool of others just like it, it is much more difficult for the coin issuers to freeze the assets.
Despite this, Gaevoy has assured users that the company has twice what they lost in liquid funds, and that users should not be worried about losing assets. The CEO was quoted as saying they have more than $350 million in equity and that they are “one of the very few crypto-native proprietary trading firms that can actually take this punch”.
Who was Behind the Wintermute Hack?
Despite a long investigation, no single individual or entity has been linked or traced to this breach. Initially, Gaevoy stated that he’d like to treat the situation as a white hat, which is essentially paying a hacker in order to find and fix bugs or vulnerabilities within a system. Gaevoy tweeted out an address where the hacker could send 90% of the stolen funds taken, keeping 10% as a bounty. None of the funds were returned.
There are many theories online as to who may have been behind this hack. Prominent cyber sleuth James Edwards has alleged that due to the analysis, smart contract code, and some dubious transactions, the hack may have been an inside job. Any and all theories on the matter are simply conjecture, as no concrete evidence has been discovered as of yet.
What Wintermute Users Can Expect Following the Hack
Anyone that has funds stored with Wintermute can rest easy. As stated before, CEO Evgeny Gaevoy has come out publicly to assure users that the company is still solvent. Wintermute has over $350 million in equity remaining, which is more than double that which was lost in the breach.
Gaevoy also noted that while users have nothing to worry about, any user is allowed and welcome to recall their loan with the company, should they feel safer doing so.
Normal trading operations through Wintermute’s decentralized finance platform were temporarily paused on the day of the trade and for a couple days following. Since then, the platform is back and operating normally.
Should You Use Wintermute?
There are many options for those looking for an exchange for which to trade and hold cryptocurrencies. Wintermute offers everything one could want in a crypto exchange platform. However, it is fair to be wary of trusting the company with your funds, as this recent breach is the second security hack that Wintermute has been hit with just this year.
From everything we’ve seen, Wintermute is run by a group of trusted individuals, who also provide liquidity on some of the most popular and reputable cryptocurrency exchanges, like Binance, Coinbase, and Kraken. The heads of the company have been transparent throughout everything and have shown no reason for users to be worried about losing their funds.
Had this type of breach happened to a number of other platforms, the company may have gone belly up. However, Wintermute and its CEO have shown their propensity to deal with major conflicts. While the exact method of the breach as well as the perpetrator are still up in the air, Wintermute operations have continued as scheduled, showing their ability to keep things afloat amidst tough times.
Overall, it will be up to your own decision whether you decide to trust Wintermute or not. While they do have a great team behind their platform, there is still something to be said about a platform that has two hacks in a single year. But if you are looking for a platform that hasn’t suffered a single hack, well the numbers are certainly dwindling as this Wintermute hack is the latest of a rapidly increasing number of hacks that have breached cryptocurrency platforms this year.
Read more about cryptocurrency platform hacks in our articles about The Binance Hack and The General Bytes ATM Hack.