Crypto Sleuth Links The Wintermute $160M Hack To Insider Job

In the crypto industry, hacks and exploits have become a dreaded nightmare. As the crypto space expands, exploitation grows with it. Despite the security measures most crypto protocols build around themselves, bad actors never cease to scan for available vulnerabilities.

On September 20, a source revealed the exploitation of a bug in a Wintermute smart contract. According to the report, the hacker took more than 70 different crypto tokens worth about $160 million from the platform.

The stolen tokens include 671 Wrapped Bitcoin (wBTC), Tether (USDT), and USD Coin (USDC). The values of the coins at the time of the exploit were $13 million, $29.5 million, and $61.4 million, respectively.

Crypto Hack Analysis Points To An Internal Actor

A Medium post outlined an analysis of the hack. The author of the post, James Edwards, also known as Librehash, stated that the hack came from an internal party. His inference was based on how the exploit occurred on the smart contract of the algorithmic market maker.

Librehash alleged that the relevant transactions initiated by the externally owned address (EOA) suggest the involvement of a member of the Wintermute team.

Detailing his claims, Edwards reported that the EOA triggered the compromise on the Wintermute smart contract. He noted that the EOA itself was compromised through the team’s use of a faulty online vanity address generator tool.

According to Edwards, the attacker could make calls on the Wintermute smart contract by recovering the EOA’s private key. But the EOA’s private key was supposed to have admin access.

Transparency Of Wintermute In Doubt

Edwards’ analysis revealed that the smart contract has no uploaded and verified code. This makes it harder for the public to confirm the external hacker theory and raises concerns about the transparency of the algorithmic market maker.

The author termed it a transparency flop on the part of the protocol itself. He noted that the smart contract manages users’ funds on the blockchain, so the public is expected to be able to examine and audit the Solidity code.

Further analysis through manual decompiling of the smart contract code revealed more. Edwards stated that the code did not match the attributed cause of the exploit.

Also, during the attack, there was a transfer of 13.48M USDT to the 0x0248 smart contract from the Wintermute smart contract. The hacker is supposedly the creator and controller of the recipient address.

Cryptocurrency market incurs a minor loss | Source: Crypto Total Market Cap on TradingView.com

Wintermute had not revealed details of the attack. But it took to Twitter to acknowledge the hack on September 21 while stating its continuous service to its partners. It noted that the hack did not impact its DeFi smart contract, internal systems, or third-party data.

Featured image from Al Bawaba, chart from TradingView.com