Security News > 2022 > September > Hackers steal $162 million from Wintermute crypto market maker
Digital assets trading firm Wintermute has been hacked and lost $162.2 million in DeFi operations, the company CEO, Evgeny Gaevoy, announced earlier today.
Wintermute provides liquidity to over 50 cryptocurrency exchanges and trading platforms, including Binance, Coinbase, Kraken, and Bitfinex.
Gaevoy did not provide details about how the hacker managed to steal the funds but some crypto-experts suggest as a plausible scenario that the attacker likely exploited a bug in Profanity, a vanity address generator for Ethereum, for which proof-of-concept exists.
What the Profanity tools allows users is generate addresses that are not completely randomized but contain a an Ethereum vanity address generation tool that allows users to create a personalized address that contains a predefined string of numbers and letters.
Security analysts have recently disclosed Profanity's vulnerability and claimed that attackers already used it to steal $3.3 million.
The compromised Wintermute wallet appears to have been created with the buggy vanity address generator, so the Profanity weakness looks like a valid possibility for stealing the money.
News URL
Related news
- Radiant links $50 million crypto heist to North Korean hackers (source)
- North Korean hackers stole $1.3 billion worth of crypto this year (source)
- North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin (source)
- FBI links North Korean hackers to $308 million crypto heist (source)
- Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (source)