Wintermute Asks Hacker To Return Stolen Funds — Or Face Legal Action

Zinger Key Points
  • Hacker warned of legal consequences by Wintermute if stolen funds not returned.
  • Wintermute CEO Evgeny Gaevoy blames "human error" for the hack.

Automated market maker Wintermute, which was hacked of $160 million worth of funds, has told the hacker to return the stolen funds or face legal consequences.

In an on-chain message sent to the hacker on Thursday, Wintermute warned whoever it was to accept a $16 million white-hat bounty and return the remaining $144 million.

Cooperate or Face Legal Consequences

“We want to cooperate with you and resolve this matter immediately. Accept the terms of the bounty and return the funds within 24 hours before September 22nd UST by 23:59 while we can still consider this a white-hat event for a 10% bounty as offered,” the message said.

The message further stated the hacker would be referred to as a "white hat" (a term used to describe ethical hackers) if they returned the funds.

This suggests an assurance that if the bad actor agrees to the request, no legal action will be pursued.

The hacker still has about 6 hours as of this writing to accept the bounty offer.

If the money, minus the bounty, is not returned within the stipulated time, the Wintermute team will contact the "relevant authorities and avenues," the on-chain statement said.

“If the stolen funds are not returned by the deadline, you will force us to remove our bounty offer and white-hat label; we will then proceed accordingly with the appropriate authorities and avenues,” it stated.

Human Error Attributed to the Hack

According to Wintermute CEO Evgeny Gaevoy, the theft of around $160 million from the algorithmic market maker service was the result of a "human mistake."

The assault vector was connected to the Ethereum ETH/USD vault that Wintermute uses for its on-chain decentralized finance (DeFi) trading activities.

Gaevoy emphasized this wallet was separate from Wintermute's centralized financing (CeFi) and over-the-counter (OTC) activities, as well as that none of its internal or counterparty data, nor any of its CeFi or OTC wallets, were harmed or compromised.

A Profanity-Related Vulnerability Was Used in the Assault

Gaevoy said that a "profanity-type exploit" on Wintermute's DeFi vault was most likely what started the attack.

Profanity was used to produce keys on the compromised wallet address last week, according to a post written by 1inch contributors.

Are you ready for the next cryptocurrency bull run? Be prepared before it happens! Hear from industry thought leaders like Kevin O’Leary and Anthony Scaramucci at the 2022 Benzinga Crypto Conference on Dec. 7 in New York City.

Photo: Pira25 via Shutterstock

Market News and Data brought to you by Benzinga APIs
Posted In: CryptocurrencyNewsLegalAfter-Hours CenterMarketscrypto hackDeFiEvgeny GaevoyhackersWintermute
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!