- Wintermute’s CEO, Evgeny Gaevoy, shared additional details via Twitter after encountering a $160M DeFi hack yesterday.
- Gaevoy is also offering a 10% bounty to hackers in exchange for stolen funds.
After encountering a massive $160M DeFi hack yesterday, Wintermute’s CEO, Evgeny Gaevoy, took to Twitter to share more details about the exploit, alongside offering a 10% bounty on funds stolen by hackers.
Wintermute CEO Offers $10M Bounty To Hackers
In a comprehensive Twitter thread, Gaevoy unveiled details about the recent DeFi exploit that resulted in Wintermute losing $160 million worth of funds. The attack was directed toward the firm’s wallet used for DeFi proprietary trading operations. Gaevoy later stressed how the firm’s internal CeFi and OTC operations were not affected and are separate from its DeFi procedures.
Our internal systems in both Cefi and Defi are not affected, as well as any internal or counterparty data
Gaevoy further revealed that the hack was most likely linked to a profanity-type exploit that enables users to create multiple vanity ETH addresses. According to Blockworks Research, “Profanity lets users randomly pick 1 out of 4B seed private keys. Then the user can expand it deterministically to 2M private keys before deriving public keys from the private keys. Profanity then loops through keys until a user gets the desired ETH address. “
3/ Wintermute utilized the tool to create an address with 7 0’s which enables slightly cheaper transaction fees due to advantages with how bytecode is processed.
The research platform further revealed how a 1inch blog post had earlier found a potential bug in the profanity wallet generator tool that could later result in a loss of millions of dollars. Similar to this, the platform reported that this is precisely how the hacker may have found Wintermute’s vanity address before looping to get the remaining numbers of the firm’s ETH address.
1/ Last week, a @1inch blog post pointed out a bug in the Profanity wallet generator tool that could result in hundreds of millions of dollars stolen.
Profanity enables users to create vanity ETH addresses, similar to how one could choose a custom license plate for a car. pic.twitter.com/gHXzG5Dcwz
According to CNBC, a total of 90 different assets were stolen by hackers in the $160 million DeFi hack, out of which nearly $114 million were in the form of USDC and USDT stablecoins. Currently, Gaevoy is offering a $10 million bounty to the hackers and has shared a crypto address via Twitter for the scammer to respond and transfer all the firm’s stolen funds.
To the hacker, we offer a 10% bounty on funds taken. To make it easy, we propose for you to transfer all of the funds taken through the exploit, save for $16M USDC, to:
0x4f3a120E72C76c22ae802D129F599BFDbc31cb81
Wintermute is currently in crisis mode. The firm owes nearly $200 million to multiple DeFi lenders, including a $92 million Tether loan issued by TrueFi, a $75 million debt owed to Maple Finance, and another $22.4 million owed to Clearpool.
Image: Wintermute/Twitter
Source: Read Full Article