Pierluigi Paganini
September 21, 2022
Malicious actors continue to target organizations in the cryptocurrency industry, the last victim in order of time is crypto trading firm Wintermute.
The company made the headlines after that threat actors have stolen around $160 million worth of digital assets. The company confirmed the disruption of its services in the coming days, but it pointed out that it is “solvent with twice over that amount in equity left.”
Threat actors breached the company and performed multiple transactions that transferred multiple cryptocurrencies to a wallet under their control.
The company states that the centralized finance (CeFi) and over-the-counter (OTC) operations have not been impacted by the security breach.
Below is a message shared by Wintermute founder Evgeny Gaevoy via Twitter:
We’ve been hacked for about $160M in our defi operations. Cefi and OTC operations are not affected
— wishful cynic (@EvgenyGaevoy) September 20, 2022
We are (still) open to treat this a s a white hat, so if you are the attacker – get in touch
— wishful cynic (@EvgenyGaevoy) September 20, 2022
“If you have a MM agreement with Wintermute, your funds are safe. There will be a disruption in our services today and potentially for next few days and will get back to normal after.” Gaevoy added.
“Out of 90 assets that has been hacked only two have been for notional over $1 million (and none more than $2.5M), so there shouldn’t be a major selloff of any sort. We will communicate with both affected teams asap”
The company did not disclose details about the attack, Gaevoy said that it is open to negotiating a bounty with the attackers for having exploited a vulnerability in its platform.
Gaevoy is offering to the investors the opportunity to recall loans if they wanted to.
Researchers speculate that the attacker likely exploited a vulnerability in Profanity, which generates “vanity addresses” for digital cryptocurrency accounts.
“Wintermute had been using Profanity not to create easy-to-remember names for digital accounts, but to lower its trading transaction costs, since that’s another feature of Profanity’s service, Gaevoy says. When Wintermute learned of the vulnerability last week, they took steps to technologically “blacklist” their Profanity accounts, shielding them from being liquidated.” reported Forbes. “However, due to their own “human error,” one of the 10 accounts didn’t get blacklisted, according to Gaevoy, which probably resulted in the $160 million heist.”
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, security breach)
[adrotate banner=”5″]
[adrotate banner=”13″]
