Hackers steal $162 million from Wintermute crypto market maker (September 2022)

Digital assets trading firm Wintermute has been hacked and lost $162.2 million in DeFi operations, the company CEO, Evgeny Gaevoy, announced earlier today.
Wintermute provides liquidity to over 50 cryptocurrency exchanges and trading platforms, including Binance, Coinbase, Kraken, and Bitfinex.
Gaevoy did not provide details about how the hacker managed to steal the funds, but some crypto experts suggest that the attacker likely exploited a bug in Profanity, a vanity address generator for Ethereum, for which a proof-of-concept exists.
Profanity is an Ethereum vanity address generation tool: the addresses it produces are not completely randomized, and users can create a personalized address that contains a predefined string of numbers and letters.
Security analysts have recently disclosed Profanity's vulnerability and claimed that attackers already used it to steal $3.3 million.
The compromised Wintermute wallet appears to have been created with the buggy vanity address generator, so the Profanity weakness looks like a valid possibility for stealing the money.