Inside Crypto Firm Wintermute’s $160M Hack

Jethro Sandico

Sep. 21, 2022

Cryptocurrency firm Wintermute lost $160 million in a massive hack on September 20, 2022.

According to Wintermute Founder and CEO Evgeny Gaevoy, funds on the centralized exchanges and over-the-counter services are safe from the heist. 

“We’ve been hacked for about $160M in our DeFi operations. Cefi and OTC operations are not affected,” Gaevoy said in a tweet, adding, “If you have a MM agreement with Wintermute, your funds are safe. There will be a disruption in our services today and potentially for the next few days and will get back to normal after.”

The company also claims that Wintermute is still “solvent.” In finance, solvency refers to the ability of an enterprise to meet financial obligations, such as long-term debts. It is one way to gauge a business’ financial health, as demonstrated through the entity’s capacity to run operations.

“If you are a lender to Wintermute, again, we are solvent, but if you feel safer recalling the loan, we can absolutely do that,” Gaevoy stated.

Wintermute’s CEO also gave assurances that there won’t be any major sell-off that could bring more trouble to the company.

“Out of 90 assets that have been hacked only two have been for notional over $1 million (and none more than $2.5M), so there shouldn’t be a major selloff of any sort. We will communicate with both affected teams asap,” Gaevoy said.

The company is still open to the possibility that the incident was a white hat hack. White hat hackers attack systems to test their vulnerabilities. Gaevoy even encouraged the unknown attacker to get in touch with the Wintermute team. As of this writing, there is still no information on whether an ethical hacker perpetrated the attack.

Security has been a recurring problem since the emergence of decentralized exchanges. In early August 2022, hackers targeted the popular blockchain Solana. The attack drained thousands of wallets (mostly accounts on the crypto wallet Phantom).

More Updates on the Hack

On September 21, Gaevoy posted some updates on the recent hack. The CEO detailed how the attack transpired. He explained that it happened in relation to a wallet used for “DeFi proprietary trading operations.” 

Gaevoy was referring to an independent entity most likely linked to Profanity, an Ethereum vanity address generator. On September 15, decentralized exchange aggregator 1inch uncovered some flaws in the tool. 

The Wintermute founder admitted that they indeed used Profanity in June. They utilized it along with an internal tool to generate addresses for gas optimization. Since then, the company has been using more secure ways to generate keys. However, he stated that human error is also to blame.

“Due to an internal (human) error, a wrong function has been called and we blacklisted the router instead of the operator (contract that signs),” Gaevoy said, adding, “As advanced as our tech may be, most of the exploits come from human errors. Investing into processes to minimize human impact is something we continuously invest into, both internally and with the help of external security advice.”

About Wintermute

Based in London, England, Wintermute describes itself as a “leading global algorithmic market maker in digital assets.” The company provides liquidity on exchanges and platforms such as Binance, Coinbase, FTX, Kraken, and Uniswap, among others.

Wintermute is backed by technology companies and blockchain-focused venture capital firms such as Lightspeed, Pantera, and Rockaway, among others.