Profanity May Be The Cause Of Crypto Trading Firm Wintermute’s $160 Million Hack

- Advertisement -

- Advertisement -

Wintermute, a London-based cryptocurrency firm that trades billions of dollars worth of digital assets daily, lost $160 million in a hack early Tuesday. Founder and CEO Evgeny Gavoy says he found out minutes after the hack, around 6:00 PM London time. an hour later, he announced Without explaining how the theft happened on Twitter. All told, the hacker stole about $120 million worth of Wintermute’s “stablecoins,” including USDC and USDT, $20 million worth of its bitcoin and ether, and another $20 million worth of less. -Includes known cryptocurrencies.

- Advertisement -

Gayvoy explained Forbes That, although the investigation is still ongoing, the hack appears to have originated with a service called Profenity, which generates “vanity addresses” for digital cryptocurrency accounts to make them easier to operate. Otherwise, crypto accounts are roughly 30-character strings of various letters and numbers. Last week, a blog post by another crypto firm revealed A security vulnerability with a code of profanity. The gist of the problem: someone with enough computing power can generate all possible keys or passwords created to address the vanity of profanity. They can then scan the relevant accounts to see how much money they have and steal the money.

Gayvoy says Wintermute was using Profenity not to create an easy-to-remember name for digital accounts, but to reduce the cost of its business transactions, as it is another feature of Profenity’s service. When Wintermute became aware of the vulnerability last week, they took steps to “blacklist” their technically profane accounts, to protect them from liquidation. However, according to Gayvoy, due to his own “human error”, one in 10 accounts was not blacklisted, possibly resulting in the theft of $160 million.

These trading accounts were part of Wintermute’s “decentralized finance” or DeFi business, where it increasingly trades on decentralized exchanges such as Uniswap and Sushi Swap that are not controlled by a single entity. Since the DeFi ecosystem is young, highly experimental and designed to be more openly accessible than traditional finance, it does not have the same security measures as centralized exchanges such as Coinbase. “You don’t have any circuit breakers. You don’t have any two-factor authentication to help you store your keys,” Gayvoy says.

According to, in 2021, DeFi hacks generated a total investment of $1.3 billion. Research by security firm Certik. Analytics Firm Chainalysis Estimate that groups affiliated with North Korea stole $1 billion from the DeFi protocol in the first eight months of 2022.

Some tried-and-true security practices in crypto, such as using external hardware wallets or “multi-sig” applications that require multiple parties to be digitally signed before a transaction is approved, are used for automated trading. Cannot be used for the type of wintermute does. All you need to do is sign transactions on the fly within seconds, says Gayvoy. So they had to invent their own technical equipment and security protocols. “After all, that’s the risk we took. It was calculated.” DeFi has been a flourishing part of Wintermute’s business over the years. “It didn’t work this year,” he admits.

Wintermute’s CEO has some clues as to who the hacker might be, and he’s investigating them “internally and with the use of external partners.” He is hoping that the hacker will become a “white hat”, returning most of the funds, and he is now offering a 10% reward, or $16 million, if the hacker gives back the remaining $144 million. He tweeted That Wintermute “would like to solve this in a simpler way, but the window of opportunity to do so is rapidly closing due to the high profile of this exploit.”

Despite a new $160 million hole in its balance sheet, Gayvoy says Wintermute is on sound financial footing, with more than $350 million in equity. “We are one of the very few crypto-native proprietary trading firms that can really take this punch,” says the CEO. For a few hours after the hack, the company halted its OTC trading desk, where it facilitates large trading between other parties. But it is back to normal again.

Credit: /

- Advertisement -

Recent Articles

Related Stories