Security News > 2022 > September > Hackers steal $162 million from Wintermute crypto market maker
Digital assets trading firm Wintermute has been hacked and lost $162.2 million in DeFi operations, the company CEO, Evgeny Gaevoy, announced earlier today.
Wintermute provides liquidity to over 50 cryptocurrency exchanges and trading platforms, including Binance, Coinbase, Kraken, and Bitfinex.
Gaevoy did not provide details about how the hacker managed to steal the funds but some crypto-experts suggest as a plausible scenario that the attacker likely exploited a bug in Profanity, a vanity address generator for Ethereum, for which proof-of-concept exists.
What the Profanity tools allows users is generate addresses that are not completely randomized but contain a an Ethereum vanity address generation tool that allows users to create a personalized address that contains a predefined string of numbers and letters.
Security analysts have recently disclosed Profanity's vulnerability and claimed that attackers already used it to steal $3.3 million.
The compromised Wintermute wallet appears to have been created with the buggy vanity address generator, so the Profanity weakness looks like a valid possibility for stealing the money.
News URL
Related news
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)