Wintermute, a cryptocurrency market maker based in the United Kingdom, became the latest victim of decentralized finance (DeFi) hacks, losing approximately $160 million, according to Evgeny Gaevoy, the company’s founder and CEO.
Short communication on the ongoing Wintermute hack— wishful cynic (@EvgenyGaevoy) September 20, 2022
According to Etherscan, over 70 different tokens have been transferred to “Wintermute exploiter,” including $61,350,986 in USD Coin (USDC), 671 Wrapped Bitcoin (wBTC), which is roughly $13,030,061, and $29,461,533 Tether (USDT). The largest token sum appears to be USDC.
The company’s over-the-counter and centralized finance operations were not affected, as the hacker(s) drained funds from its DeFi operations. Gaevoy stated that the market maker is solvent with twice the stolen amount in equity left, stressing that users’ funds are safe.
Wintermute is an algorithmic market maker working with digital assets such as cryptocurrencies. The group is a registered company in the United Kingdom, located in Cheshire, and regulated by the Financial Conduct Authority. According to Companies House, Evgeny Gaevoy is director with “more than 25%, but not more than 50%” of shares.
According to Ajay Dhingra, head of research and analytics at smart exchange Unizen, “The nature of the exploit suggests that Wintermute’s hot wallet was compromised.” Dhingra told Cointelegraph that “The attacker cleverly manipulated the bug in the smart contract.”
"This incident again brings focus on tightening the screws around smart contract security, which is an uncharted territory as of now."
In the short tweet thread, Gaevoy, a Dutch national, suggested that the hack could be treated as a white hat hack. The perpetrator may contact Wintermute to share the vulnerabilities they discovered to avoid repeat hacks in the future.
White hat hacks are common in crypto. Exchanges, market markers and sometimes companies reward hackers bounties in the form of cash or job positions. As the Ether (ETH) address for the Wintermute Exploiter is public, the address has been spammed by crypto enthusiasts, stating messages like “plz give. I’m very poor. Even $5k would be amazing.”
People spamming the wintermute exploiter— Paul (@Frapees) September 20, 2022
Always fun going through these messages pic.twitter.com/a8ZSoQKFT1
Cointelegraph has reached out to Wintermute for a response and will update when possible.