Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident

Cyber Security

Products You May Like

In what’s the latest crypto heist to target the decentralized finance (DeFi) space, hackers have stolen digital assets worth around $160 million from crypto trading firm Wintermute.

The hack involved a series of unauthorized transactions that transferred USD Coin, Binance USD, Tether USD, Wrapped ETH, and 66 other cryptocurrencies to the attacker’s wallet.

The company said that its centralized finance (CeFi) and over-the-counter (OTC) operations have not been impacted by the security incident. It did not disclose when the hack took place.

CyberSecurity

The digital asset market maker, which provides liquidity to more several exchanges and crypto platforms, warned of disruption to its services in the coming days, but stressed that it’s “solvent with twice over that amount in equity left.”

“We are (still) open to treat[ing] this as a white hat, so if you are the attacker – get in touch,” the company’s founder and CEO, Evgeny Gaevoy, said in a tweet.

Details surrounding the exact exploit method used to perpetuate the hack is unknown at the moment, although Gaevoy said the attack was likely caused by a “Profanity-type exploit” in its trading wallet.

Wintermute further acknowledged it did use Profanity, an Ethereum vanity address generation software, alongside an in-house tool to generate addresses with many zeros in front as recently as June.

The open-source project is currently abandoned by its anonymous maintainer, who goes by the moniker johguse, citing “fundamental security issues in the generation of private keys.”

Profanity, incidentally, also came under spotlight last week after decentralized exchange (DEX) aggregator 1inch Network disclosed a vulnerability that could be abused to recompute the private wallet keys from addresses created using the utility.

CyberSecurity

Subsequently, the attack vector was exploited by malicious actors to drain $3.3 million from Ethereum addresses made with Profanity on September 16, 2022.

The Wintermute breach is the latest attack on DeFi protocols, including that of Axie Infinity, Harmony Horizon Bridge, Nomad, and Curve.Finance in the past few months. Some of these thefts have been attributed to the North Korea-backed Lazarus Group.

Products You May Like

Articles You May Like

Realme 13 Pro+ 5G Monet Purple Colour Variant Launched in India: Availability, Offers
Iranian Hackers Set Up New Network to Target U.S. Political Campaigns
Atlantic Ocean Might Be Undergoing a Rapid Cooling Near Equator And Scientists Do Not Know Why
Google Pay Announces UPI Circle, UPI Vouchers and More Features at Global Fintech Fest 2024
Oppo Enco Air 4 With Active Noise Cancellation, IP55 Rating Unveiled: Price, Specifications

Leave a Reply

Your email address will not be published. Required fields are marked *