Hackers stole $160 Million from Crypto market maker Wintermute

Threat actors have stolen around $160 million worth of digital assets worth from crypto trading firm Wintermute.

Malicious actors continue to target organizations in the cryptocurrency industry, the last victim in order of time is crypto trading firm Wintermute.

The company made the headlines after that threat actors have stolen around $160 million worth of digital assets. The company confirmed the disruption of its services in the coming days, but it pointed out that it is “solvent with twice over that amount in equity left.”

Threat actors breached the company and performed multiple transactions that transferred multiple cryptocurrencies to a wallet under their control.

The company states that the centralized finance (CeFi) and over-the-counter (OTC) operations have not been impacted by the security breach.

Below is a message shared by Wintermute founder Evgeny Gaevoy via Twitter:

“If you have a MM agreement with Wintermute, your funds are safe. There will be a disruption in our services today and potentially for next few days and will get back to normal after.” Gaevoy added.

“Out of 90 assets that has been hacked only two have been for notional over $1 million (and none more than $2.5M), so there shouldn’t be a major selloff of any sort. We will communicate with both affected teams asap”

The company did not disclose details about the attack, Gaevoy said that it is open to negotiating a bounty with the attackers for having exploited a vulnerability in its platform.

Gaevoy is offering to the investors the opportunity to recall loans if they wanted to.

Researchers speculate that the attacker likely exploited a vulnerability in Profanity, which generates “vanity addresses” for digital cryptocurrency accounts.

“Wintermute had been using Profanity not to create easy-to-remember names for digital accounts, but to lower its trading transaction costs, since that’s another feature of Profanity’s service, Gaevoy says. When Wintermute learned of the vulnerability last week, they took steps to technologically “blacklist” their Profanity accounts, shielding them from being liquidated.” reported Forbes. “However, due to their own “human error,” one of the 10 accounts didn’t get blacklisted, according to Gaevoy, which probably resulted in the $160 million heist.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, security breach)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.