Crypto market maker Wintermute has suffered a major cyberattack in which the perpetrators managed to steal $160 million worth of digital assets.
in one Twitter thread (opens in new tab)The company’s CEO, Evgeny Gaevoy, said the attackers were targeting Wintermute’s DeFi proprietary trading operations, which are “entirely separate and independent” from its CeFi and OTC operations.
“The attack targeted our wallet, which is used for DeFi proprietary trading operations that are completely separate and independent from our CeFi and OTC operations. Our internal systems in both Cefi and Defi are not affected, nor is internal or counterparty data,” he added.
Company remains solvent
Gaevoy further explained what happened, saying the attack was “probably linked to the Profanity-type exploit of his DeFi trading wallet.” “We used Profanity and an internal tool to generate addresses with lots of leading zeros. Our reason for doing so was gas optimization, not “vanity,” he added, before explaining that the team last generated such addresses in June.
“We have since moved to a more secure key generation script. When we found out about the profanity exploit last week, we expedited the retirement of the “old key,” Gaevoy explained.
Despite the breach and its damaging effects, according to Gaevoy, customers shouldn’t worry too much as funds are safe for customers with Wintermute agreements. The company is still solvent, “with more than twice as much equity left.”
In total, the crooks stole 90 different tokens, including stablecoins USDC and USDT.
While the investigation is still ongoing, the team is trying to solve the problem in a simple way by offering the attacker a 10% bonus if they return the remaining money. In a subsequent tweet, Gaevoy said, “We are offering the hacker a 10% bounty on the funds raised. To make it easy, we suggest you to transfer all funds raised by the exploit except 16 million USDC.”
At the time of going to press no payment had been made.
About: The Register (opens in new tab)
https://www.techradar.com/news/yet-another-major-crypto-firm-has-been-hacked Yet another major crypto firm has been hacked