Key Takeaways
- Wintermute has been hacked for $160 million.
- The hackers targeted the firm’s DeFi operations. Its centralized activity and over-the-counter services are unaffected.
- Wintermute founder and CEO Evgeny Gaevoy has said the firm is still solvent and user funds are safe.
Gaevoy said that the firm would be open to treating the incident as a white hat attack.
Wintermute Hit for $160M
Wintermute has been hacked for $160 million, the company’s founder and CEO Evgeny Gaevoy has confirmed.
We’ve been hacked for about $160M in our defi operations. Cefi and OTC operations are not affected
— wishful cynic (@EvgenyGaevoy) September 20, 2022
In a Tuesday tweet storm, Gaevoy said that the market maker had lost the nine-figure sum through its DeFi operations. He added that the firm remained solvent and said its centralized and over-the-counter services were not affected. “We are solvent with over twice [the amount stolen] in equity left,” he wrote, assuring customers that their funds were safe.
Gaevoy said that 90 different assets were stolen. Of those assets, two of the sums lost were worth between $1 million and $2.5 million. The takings from the remaining 88 were worth under $1 million each.
Wintermute is one of crypto’s leading market makers. It adds liquidity to markets across both centralized and decentralized trading venues to improve efficiency. It also runs an over-the-counter service for high-net-worth individuals and institutional clients.
Polygon’s chief information security officer Mudit Gupta posted a tweet storm and blog post about the hack early Tuesday, saying he suspected that it was “a hot wallet compromise.” Gupta pointed out that Wintermute recently disclosed a Profanity bug, which may have inspired some hackers to target the firm.
On-chain researcher zachxbt shared the hacker’s wallet on Twitter, pointing to an Ethereum address that currently holds $163 million worth of digital assets, per Zapper data. Around 70% of the funds have been deposited to Curve Finance’s tricrypto pool, a popular move among hackers who don’t intend to return stolen funds (stablecoin issuers like Circle and Tether can’t freeze funds once they get added to decentralized exchange liquidity pools).
Rounding out the announcement of the hack, Gaevoy said that the firm would be happy to treat the incident as a white hat attack and invited the perpetrator to come forward.
Interestingly, several crypto users got in touch with the attackers via on-chain messages after zachxbt shared the address. “look [sic] like you start approving the contract to dump now, please think about that and return,” one wrote.
Disclosure: At the time of writing, the author of this piece owned ETH, CRV, and several other cryptocurrencies.