[Updated on 23 September 2022]
A large scale attack on the cryptocurrency trading company Wintermute has meant that an estimated $160 million has slipped into the hands of the adversary. Although it is unclear how the attacker or attackers will proceed, you can see their (very full!) wallet here.
[Updated on 21 September 2022] Crypto Trader Wintermute Loses $160M to Hackers
London-based cryptocurrency trader Wintermute has reportedly lost about $162 million of its decentralised finance (DeFi) operations in digital assets to hackers. The company remains solvent. CEO Evgeny Gaevoy tweeted “We’ve been hacked for about $160M in our defi operations. Cefi and OTC operations are not affected”. “We are solvent with over twice that amount in equity left”. Blockchain cybersecurity company Certik has said a that a vulnerability known about since at least January was likely behind the hack. Certik said the hack was due to a leaked or brute-forced private key, and not a smart contract vulnerability, and that hat a vulnerability in the popular Profanity vanity address generator was probably at fault in the hack. Read more
- Report: Crypto Trader Wintermute Loses $160M to Hackers
- Well-known vulnerability in private keys likely exploited in $160M Wintermute hack
Cryptocurrency DeFi platform Wintermute said it was hacked and lost $160 million in a security breach that took place on Tuesday, September 20.
We’ve been hacked for about $160M in our defi operations. Cefi and OTC operations are not affected
— wishful cynic (@EvgenyGaevoy) September 20, 2022
Most of the cryptocurrency security space appears to believe the attacker exploited a recently-disclosed vulnerability in an Ethereum vanity address generator tool to steal funds from Wintermute’s main ETH wallet.
The fallout from profanity vulnerability seems to continue.
In this #Wintermute case, attackers took over a vanity address of a deployer.
While funds were recently removed from address, the deployer still had admin privileges on the contract and attackers used it to drain $160M. https://t.co/596UqN1BTy— Tal Be'ery (@TalBeerySec) September 20, 2022
Wintermute’s CEO said the company remains solvent and said they are still open to the idea of offering a bug bounty payout to the attacker if they return the stolen funds.
We are (still) open to treat this a s a white hat, so if you are the attacker – get in touch
— wishful cynic (@EvgenyGaevoy) September 20, 2022
Wintermute is named after the AI in the cyberpunk novel Neuromancer, written by William Gibson.https://t.co/38ZjuemTOj
— web3 is going just great (@web3isgreat) September 20, 2022
The post Wintermute crypto-heist appeared first on PUPUWEB - Information Resource for Emerging Technology Trends and Cybersecurity.
This post first appeared on PUPUWEB - Information Resource For Emerging Technology Trends And Cybersecurity, please read the originial post: here