- Market maker Wintermute was drained of $160 million, after falling prey to a DeFi exploit.
- A white hat hacker uncovered a multi-million dollar vulnerability in the Ethereum Arbitrum Nitro bridge and received 400 ETH as payout.
- 90 assets were hit by the Wintermute attack, none of the assets were over notional $2.5 million, no major sell-off expected.
Exploits in the DeFi ecosystem, on decentralized exchanges, market makers and bridges have become increasingly common. Wintermute was drained of $160 million in the latest exploit, but its CEO has confirmed on-chain trading will continue. Ethereum and Arbitrum-Nitro bridge dodged a multi-million dollar attack, paying out 400 ETH to a white hat hacker.
Also read: Bitcoin price: All eyes on FOMC, negative inflation could slash hopes for crypto
Wintermute suffers $160 million exploit, no major sell-off expected
Leading crypto market maker Wintermute was hit by a $160 million exploit. Wintermute has partnered with the world’s best crypto exchanges and projects to provide liquidity. Therefore an exploit on Wintermute raised several concerns among the crypto community.
Evgeny Gaevoy, the CEO of Wintermute pointed out that the DeFi wing of the firm was targeted in the attack and funds in the centralized exchange and over-the-counter offerings remained safe.
Among the 90 assets hit by the attack, only two have been for notional over $1 million and none more than $2.5 million. Gaevoy assured the community that there will be no major sell-off in the crypto ecosystem. The CEO shed light on the firm's solvency. “Insolvency” is a common term that has been making the rounds in the crypto market since Three Arrows Capital fund’s failure.
Gaevoy assured traders that Wintermute is still solvent. He was quoted as saying:
We are solvent with twice over that amount in equity left. If you have a MM agreement with Wintermute, your funds are safe. There will be a disruption in our services today and potentially for the next few days and will get back to normal after. We are (still) open to treating this as a white hat, so if you are the attacker – get in touch.
An address associated with the Wintermute hack (0xe74b28c2eae8679e3ccc3a94d5d0de83ccb84705) deposited a whopping $114 million into Curve. The address has been flagged on Etherscan as related to the Wintermute exploit.
Wintermute hacker address
$114 million added to Curve
Gaevoy shared updates on the exploit, attributing it to human error. The market maker has put a 10% bounty to the hacker if all funds are returned, approximately 16 million USDC. The attack vector was associated with the market maker’s Ethereum vault, used for on-chain DeFi trading operations and this is separate from CeFi and OTC operations of the firm.
Short communication on the ongoing Wintermute hack
— wishful cynic (@EvgenyGaevoy) September 20, 2022
None of Wintermute’s CeFi or OTC wallets were affected or compromised and the exploit was most likely a “Profanity-type exploit.”
Profanity, used for key-generation on the compromised wallet address was exploited last week according to 1inch contributors and the hack was therefore a human error. Despite the discovery of the Profanity exploit, the firm failed to switch its key generation from the compromised project to elsewhere.
White hat hacker identified huge vulnerability in Ethereum to Arbitrum bridge
A white hat hacker uncovered a multi-million dollar vulnerability in the bridge linking Ethereum and Arbitrum. Arbitrum is a layer-2 optimistic rollup solution for Ethereum. It reduces network congestion and saves fees. Arbitrum Nitro aims to simplify communication between Arbitrum and Ethereum.
The hacker received a 400 ETH bounty for the find. The attacker goes by the name: Riptide. Riptide explained the exploit in a Medium post. The post reads:
We could either selectively target large ETH deposits to remain undetected for a longer period of time, siphon up every single deposit that comes through the bridge, or wait and just front-run the next massive ETH deposit.
If a hacker with malicious intent identified the vulnerability the hack could potentially drain tens or hundreds of millions worth of Ethereum. 168,000 ETH, valued over $225 million could have been stolen in the exploit.
As there was massive earning potential from the exploit, Riptide believes the find should be eligible for a max bounty, worth $2 million.
No big deal just bridging a cool $470mm through the same Inbox contract
— riptide (@0xriptide) September 20, 2022
Definitely should be eligible for a max bounty
https://t.co/w7S58QNQZu
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page.
If not otherwise explicitly mentioned in the body of the article, at the time of writing, the author has no position in any stock mentioned in this article and no business relationship with any company mentioned. The author has not received compensation for writing this article, other than from FXStreet.
FXStreet and the author do not provide personalized recommendations. The author makes no representations as to the accuracy, completeness, or suitability of this information. FXStreet and the author will not be liable for any errors, omissions or any losses, injuries or damages arising from this information and its display or use. Errors and omissions excepted.
The author and FXStreet are not registered investment advisors and nothing in this article is intended to be investment advice.
Recommended Content
Editors’ Picks
Polygon joins forces with WSPN to expand stablecoin adoption
WSPN, a stablecoin infrastructure company based in Singapore, has teamed up with Polygon Labs to make its stablecoin, WUSD, more useful in payment and decentralized finance.
Coinbase envisages listing of more meme coins amid regulatory optimism
Donald Trump's expected return to the White House creates excitement in the cryptocurrency sector, especially at Coinbase, the largest US-based crypto exchange. The platform is optimistic that the new administration will focus on regulatory clarity, which could lead to more token listings, including popular meme coins.
Cardano's ADA leaps to 2.5-year high of 90 cents as whale holdings exceed $12B
As Bitcoin (BTC) gets closer to the $100,000 mark for the first time — it crossed $99,000 earlier Friday — capital is rotating into alternative cryptocurrencies, creating a buzz in the broader crypto market.
Shiba Inu holders withdraw 1.67 trillion SHIB tokens from exchange
Shiba Inu trades slightly higher, around $0.000024, on Thursday after declining more than 5% the previous week. SHIB’s on-chain metrics project a bullish outlook as holders accumulate recent dips, and dormant wallets are on the move, all pointing to a recovery in the cards.
Bitcoin: Rally expected to continue as BTC nears $100K
Bitcoin (BTC) reached a new all-time high of $99,419, just inches away from the $100K milestone and has rallied over 9% so far this week. This bullish momentum was supported by the rising Bitcoin spot Exchange Traded Funds (ETF), which accounted for over $2.8 billion inflow until Thursday. BlackRock and Grayscale’s recent launch of the Bitcoin ETF options also fueled the rally this week.
Best Forex Brokers with Low Spreads
VERIFIED Low spreads are crucial for reducing trading costs. Explore top Forex brokers offering competitive spreads and high leverage. Compare options for EUR/USD, GBP/USD, USD/JPY, and Gold.