Human Error Caused $160M Hack Of Algorithmic Market Maker Service Wintermute, Says CEO

Zinger Key Points
  • Wintermute offers a 10% bounty to the hacker
  • On-chain trading operations will continue as usual, says Wintermute CEO
Human Error Caused $160M Hack Of Algorithmic Market Maker Service Wintermute, Says CEO

The theft of about $160 million from algorithmic market maker service Wintermute was caused due to a “human error,” the company’s CEO Evgeny Gaevoy on Wednesday explained the attack vector was associated with Wintermute’s Ethereum ETH/USD vault, used for on-chain decentralized finance (DeFi) trading operations.

The culprit offered a 10% bounty

Additionally, Wintermute has offered a 10% bounty to the hacker, which would be worth 16 million USDC if all the money were to be recovered.

Gaevoy highlighted that this wallet was independent of its centralized finance (CeFi) and over-the-counter (OTC) activities and that none of Wintermute's CeFi or OTC wallets, as well as any of its internal or counterparty data, were impacted or compromised.

Profanity-type exploit brought the attack

Gaevoy said that the assault was most likely brought on by a "Profanity-type exploit" on Wintermute's DeFi vault.

According to a post published by 1inch contributors, Profanity was exploited last week to generate keys on the hacked wallet address.

Internal error caused a loss of $160 million

Gaevoy said that the hack Wintermute experienced was caused by an "internal (human) error" after it discovered the Profanity attack.

He added that Wintermute will not be terminating any staff, altering its strategies going ahead, seeking extra funds, or ceasing its DeFi activities despite the financial setback.

Wintermute used Profanity, an open-source tool for creating numerous addresses, together with an internal tool to create an address with several zeroes at the front, when it first set up its DeFi vault and this was due to "gas optimization, not vanity," according to Gaevoy.

He further added that vanity addresses had admin capabilities and the prefix "0x0000000."

Since the disclosure of the attack, security professionals have theorized that this prefix may be exploited by hackers if they gain access to the private key.

In June, Wintermute started avoiding this configuration and used a more secure key-generation process.

Wintermute removed all of its ETH from the hacked vanity address wallet as part of the accelerated process of "retiring" the old key.

However, according to Berkeley ICSI staff researcher Nicholas Weaver, the company “failed to remove this address’s ability to sign for and do other things.”

Moreover, Gaevoy stated that owing to the nature of high-frequency trading, running on-chain trade carries certain dangers that Wintermute was fully aware of.

These risks largely stem from the lack of protections like 2FA-protected key creation or the possibility to employ multisignatures involving high-frequency trading (HFT).

Are you ready for the next crypto bull run? Be prepared before it happens! Hear from industry thought leaders like Kevin O’Leary and Anthony Scaramucci at the 2022 Benzinga Crypto Conference on Dec. 7 in New York City.

Posted In: BitcoinEthereumUSDCWintermuteCryptocurrencyMarkets

Visit Benzinga's Crypto Homepage - 1,000,000+ depend on Benzinga Crypto every month