- Market maker Wintermute was drained of $160 million, after falling prey to a DeFi exploit.
- A white hat hacker uncovered a multi-million dollar vulnerability in the Ethereum Arbitrum Nitro bridge and received 400 ETH as payout.
- 90 assets were hit by the Wintermute attack, none of the assets were over notional $2.5 million, no major sell-off expected.
Exploits in the DeFi ecosystem, on decentralized exchanges, market makers and bridges have become increasingly common. Wintermute was drained of $160 million in the latest exploit, but its CEO has confirmed on-chain trading will continue. Ethereum and Arbitrum-Nitro bridge dodged a multi-million dollar attack, paying out 400 ETH to a white hat hacker.
Wintermute suffers $160 million exploit, no major sell-off expected
Leading crypto market maker Wintermute was hit by a $160 million exploit. Wintermute has partnered with the world’s best crypto exchanges and projects to provide liquidity. Therefore an exploit on Wintermute raised several concerns among the crypto community.
Evgeny Gaevoy, the CEO of Wintermute pointed out that the DeFi wing of the firm was targeted in the attack and funds in the centralized exchange and over-the-counter offerings remained safe.
Among the 90 assets hit by the attack, only two have been for notional over $1 million and none more than $2.5 million. Gaevoy assured the community that there will be no major sell-off in the crypto ecosystem. The CEO shed light on the firm's solvency. “Insolvency” is a common term that has been making the rounds in the crypto market since Three Arrows Capital fund’s failure.
Gaevoy assured traders that Wintermute is still solvent. He was quoted as saying:
We are solvent with twice over that amount in equity left. If you have a MM agreement with Wintermute, your funds are safe. There will be a disruption in our services today and potentially for the next few days and will get back to normal after. We are (still) open to treating this as a white hat, so if you are the attacker – get in touch.
An address associated with the Wintermute hack (0xe74b28c2eae8679e3ccc3a94d5d0de83ccb84705) deposited a whopping $114 million into Curve. The address has been flagged on Etherscan as related to the Wintermute exploit.
Wintermute hacker address
$114 million added to Curve
Gaevoy shared updates on the exploit, attributing it to human error. The market maker has put a 10% bounty to the hacker if all funds are returned, approximately 16 million USDC. The attack vector was associated with the market maker’s Ethereum vault, used for on-chain DeFi trading operations and this is separate from CeFi and OTC operations of the firm.
Short communication on the ongoing Wintermute hack— wishful cynic (@EvgenyGaevoy) September 20, 2022
None of Wintermute’s CeFi or OTC wallets were affected or compromised and the exploit was most likely a “Profanity-type exploit.”
Profanity, used for key-generation on the compromised wallet address was exploited last week according to 1inch contributors and the hack was therefore a human error. Despite the discovery of the Profanity exploit, the firm failed to switch its key generation from the compromised project to elsewhere.
White hat hacker identified huge vulnerability in Ethereum to Arbitrum bridge
A white hat hacker uncovered a multi-million dollar vulnerability in the bridge linking Ethereum and Arbitrum. Arbitrum is a layer-2 optimistic rollup solution for Ethereum. It reduces network congestion and saves fees. Arbitrum Nitro aims to simplify communication between Arbitrum and Ethereum.
The hacker received a 400 ETH bounty for the find. The attacker goes by the name: Riptide. Riptide explained the exploit in a Medium post. The post reads:
We could either selectively target large ETH deposits to remain undetected for a longer period of time, siphon up every single deposit that comes through the bridge, or wait and just front-run the next massive ETH deposit.
If a hacker with malicious intent identified the vulnerability the hack could potentially drain tens or hundreds of millions worth of Ethereum. 168,000 ETH, valued over $225 million could have been stolen in the exploit.
As there was massive earning potential from the exploit, Riptide believes the find should be eligible for a max bounty, worth $2 million.
No big deal just bridging a cool $470mm through the same Inbox contract— riptide (@0xriptide) September 20, 2022
Definitely should be eligible for a max bounty
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page.
If not otherwise explicitly mentioned in the body of the article, at the time of writing, the author has no position in any stock mentioned in this article and no business relationship with any company mentioned. The author has not received compensation for writing this article, other than from FXStreet.
FXStreet and the author do not provide personalized recommendations. The author makes no representations as to the accuracy, completeness, or suitability of this information. FXStreet and the author will not be liable for any errors, omissions or any losses, injuries or damages arising from this information and its display or use. Errors and omissions excepted.
The author and FXStreet are not registered investment advisors and nothing in this article is intended to be investment advice.