Crypto Community Reacts as Wintermute Hacked for US$160M

Crypto market-making giant Wintermute has become the latest victim of DeFi-related exploits, with hackers making off with US$160 million across 90 assets within the platform’s portfolio.

According to Etherscan, over 70 different tokens have been transferred to the hacker, aptly named “Wintermute exploiter,” including US$61,350,986 in USDC, 671 wBTC (approximately US$13,030,061), and US$29,461,533 in USDT.

In a Twitter thread on Tuesday, Wintermute CEO and founder Evgeny Gaevoy said that the platform remains “solvent with twice over that amount in equity left”, adding that its CeFi and OTC operations are not affected.

Wintermute also remains open to treating the hack as a “white hat” scenario, in which the hacker returns the funds and receives a reward for identifying a vulnerability, he said.

“The hack compromised the administrator key of the Wintermute vault, allowing the attackers to steal US$160M. Last week, a vulnerability in Profanity, a virtual address creation tool, was revealed, and this vulnerability enabled the attack on Wintermute through the administrator key,” Jasper Lee, audit tech lead at, told Blockhead.

Twitter users first uncovered the suspicious activity at 6am UTC, 2 hours before Gaevoy’s tweet. Self-proclaimed crypto detective ZachXBT then claimed to have identified the hacker’s wallet address, which holds US$47.8 million, with the remaining US$111 million in stablecoins sent to Curve Protocol’s 3pool – likely to circumvent any restrictions by Tether or Circle.

“This is a very sobering situation. Security measures will be needed to continuously identify and update 1-day vulnerabilities that have been reported but not yet mitigated,” Lee added.

In August, cross-chain bridge Nomad was hacked for US$190 million. According to Chainalysis, US$1.9 billion has been stolen via hacks in the first half of this year.

Wintermute was recently named as Tron’s official DeFi market maker. The UK-based platform is also a member of the TronDAO, allowing it access to mint and redeem USDD, Tron’s native stablecoin.

Crypto community reacts

As the Ether (ETH) address for “Wintermute Exploiter” is public, the address has been spammed with troll comments by the crypto community.

One user said “plz give. I’m very poor. Even $5k would be amazing.”

Another highlighted his plight during this crypto winter: “plz bruh toss me some I’m down absolutely horrendous rn.”

One even said “give the money back and you go to heaven, God forgive you.”