$160 million Wintermute exploit and 400 ETH payout: Hacks in the DeFi ecosystem


  • Market maker Wintermute was drained of $160 million, after falling prey to a DeFi exploit. 
  • A white hat hacker uncovered a multi-million dollar vulnerability in the Ethereum  Arbitrum Nitro bridge and received 400 ETH as payout. 
  • 90 assets were hit by the Wintermute attack, none of the assets were over notional $2.5 million, no major sell-off expected. 

Exploits in the DeFi ecosystem, on decentralized exchanges, market makers and bridges have become increasingly common. Wintermute was drained of $160 million in the latest exploit, but its CEO has confirmed on-chain trading will continue. Ethereum and Arbitrum-Nitro bridge dodged a multi-million dollar attack, paying out 400 ETH to a white hat hacker. 

Also read: Bitcoin price: All eyes on FOMC, negative inflation could slash hopes for crypto

Wintermute suffers $160 million exploit, no major sell-off expected

Leading crypto market maker Wintermute was hit by a $160 million exploit. Wintermute has partnered with the world’s best crypto exchanges and projects to provide liquidity. Therefore an exploit on Wintermute raised several concerns among the crypto community. 

Evgeny Gaevoy, the CEO of Wintermute pointed out that the DeFi wing of the firm was targeted in the attack and funds in the centralized exchange and over-the-counter offerings remained safe. 

Among the 90 assets hit by the attack, only two have been for notional over $1 million and none more than $2.5 million. Gaevoy assured the community that there will be no major sell-off in the crypto ecosystem. The CEO shed light on the firm's solvency. “Insolvency” is a common term that has been making the rounds in the crypto market since Three Arrows Capital fund’s failure.  

Gaevoy assured traders that Wintermute is still solvent. He was quoted as saying:

We are solvent with twice over that amount in equity left. If you have a MM agreement with Wintermute, your funds are safe. There will be a disruption in our services today and potentially for the next few days and will get back to normal after. We are (still) open to treating this as a white hat, so if you are the attacker – get in touch.

An address associated with the Wintermute hack (0xe74b28c2eae8679e3ccc3a94d5d0de83ccb84705) deposited a whopping $114 million into Curve. The address has been flagged on Etherscan as related to the Wintermute exploit. 

Wintermute hacker address

Wintermute hacker address

$114 million added to Curve

$114 million added to Curve

Gaevoy shared updates on the exploit, attributing it to human error. The market maker has put a 10% bounty to the hacker if all funds are returned, approximately 16 million USDC. The attack vector was associated with the market maker’s Ethereum vault, used for on-chain DeFi trading operations and this is separate from CeFi and OTC operations of the firm. 

None of Wintermute’s CeFi or OTC wallets were affected or compromised and the exploit was most likely a “Profanity-type exploit.”

Profanity, used for key-generation on the compromised wallet address was exploited last week according to 1inch contributors and the hack was therefore a human error. Despite the discovery of the Profanity exploit, the firm failed to switch its key generation from the compromised project to elsewhere. 

White hat hacker identified huge vulnerability in Ethereum to Arbitrum bridge

A white hat hacker uncovered a multi-million dollar vulnerability in the bridge linking Ethereum and Arbitrum. Arbitrum is a layer-2 optimistic rollup solution for Ethereum. It reduces network congestion and saves fees. Arbitrum Nitro aims to simplify communication between Arbitrum and Ethereum. 

The hacker received a 400 ETH bounty for the find. The attacker goes by the name: Riptide. Riptide explained the exploit in a Medium post. The post reads:

We could either selectively target large ETH deposits to remain undetected for a longer period of time, siphon up every single deposit that comes through the bridge, or wait and just front-run the next massive ETH deposit.

If a hacker with malicious intent identified the vulnerability the hack could potentially drain tens or hundreds of millions worth of Ethereum. 168,000 ETH, valued over $225 million could have been stolen in the exploit.

As there was massive earning potential from the exploit, Riptide believes the find should be eligible for a max bounty, worth $2 million. 

 


Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page.

If not otherwise explicitly mentioned in the body of the article, at the time of writing, the author has no position in any stock mentioned in this article and no business relationship with any company mentioned. The author has not received compensation for writing this article, other than from FXStreet.

FXStreet and the author do not provide personalized recommendations. The author makes no representations as to the accuracy, completeness, or suitability of this information. FXStreet and the author will not be liable for any errors, omissions or any losses, injuries or damages arising from this information and its display or use. Errors and omissions excepted.

The author and FXStreet are not registered investment advisors and nothing in this article is intended to be investment advice.

Recommended content


Recommended Content

Editors’ Picks

Bitcoin Weekly Forecast: Further upside likely after hitting new all-time high

Bitcoin Weekly Forecast: Further upside likely after hitting new all-time high

Bitcoin (BTC) surged more than 10% this week, hitting a new high of $76,849 on Thursday, buoyed by the crypto-friendly candidate Donald Trump’s victory in the US presidential election.

More Bitcoin News
Cardano breaks above descending trendline, eyes April high as bullish momentum builds

Cardano breaks above descending trendline, eyes April high as bullish momentum builds

Cardano extends gains on Friday, following a close above a descending trendline the previous day. Technical indicators and on-chain data show bullish momentum, suggesting a rally ahead.

More Cardano News
Top 3 Price Prediction: BTC touches new all-time high near $77,000 following Fed rate cut

Top 3 Price Prediction: BTC touches new all-time high near $77,000 following Fed rate cut

Bitcoin price rallied and reached a new all-time high of $76,849 following the US Federal Reserve’s 25 basis point rate cut. Ethereum and Ripple followed suit and closed above their key resistance levels, hinting at a possible rally ahead.

More Cryptocurrencies News
Bitcoin, crypto market remain in uptrend following 25 bps Fed rate cut

Bitcoin, crypto market remain in uptrend following 25 bps Fed rate cut

Fed Chair Jerome Powell stated that the FOMC lowered the Fed funds rate by 25 basis points. The rate cut comes after Bitcoin reached a new all-time high price upon Donald Trump's election victory.

More Bitcoin News
Bitcoin: New all-time high at $78,900 looks feasible

Bitcoin: New all-time high at $78,900 looks feasible

Bitcoin price declines over 2% this week, but the bounce from a key technical level on the weekly chart signals chances of hitting a new all-time high in the short term. US spot Bitcoin ETFs posted $596 million in inflows until Thursday despite the increased profit-taking activity.

Read full analysis
Best Forex Brokers with Low Spreads

Best Forex Brokers with Low Spreads

VERIFIED Low spreads are crucial for reducing trading costs. Explore top Forex brokers offering competitive spreads and high leverage. Compare options for EUR/USD, GBP/USD, USD/JPY, and Gold.

Read More

BTC

ETH

XRP