The Wintermute $160 Million Cyberattack Is the Year’s Fifth Largest DeFi Exploit


CEO Evgeny Gaevoy of Wintermute has stated that a serious flaw in the Ethereum vanity address generator dubbed Profanity was responsible for the multi-million dollar theft.

According to Gaevoy, a crypto asset algorithmic market maker named Wintermute took $160 million in damage on Tuesday in its DeFi activities. He further said that more than 90 items with varying values were taken.

Only a few days before, 1inch had already marked Profanity-generated addresses as potentially dangerous, thus this breach comes as no surprise.

Using Profanity, Ethereum users may generate “vanity addresses,” or unique wallet addresses that include human-readable messages that facilitate transactions.

Prior to this, Binance’s CEO, Changpeng Zhao, tweeted that the Wintermute vulnerability seemed “like Profanity-related,” but he did not elaborate.

He warned that those who had previously used “vanity addresses” should consider moving their money to a new wallet. Polygon’s chief information security officer Mudit Gupta provided proof supporting the claims.

In a blog post, Gupta speculated that the incident was caused by the recently published Profanity issue via a hot wallet breach.

Wintermute’s hot wallet is an administrator, thus he has access to do these kinds of transactions in the vault. Thus, the contracts functioned as intended, albeit the admin address was probably hacked,” he stated.

Possibly constructed using the well-known, if flawed, vanity address generator is known as Profanity, “the admin address is a vanity address (starts with a lot of zeroes).

Certik, a crypto-security firm, provided further detail on the attack’s execution. The attacker “specified that the swap contract was the attacker-controlled contract by using a privileged function with the private key leak,” the blog post said.

Even though vanity addresses are meant to be unique and unreplaceable, hackers have discovered a technique to reverse-calculate them and steal millions.

Later, Evgeny Gaevoy, CEO of Wintermute, revealed that profanity was involved in the breach. Evgeny explained what happened.

Our DeFi trading wallet was vulnerable to an exploit of the Profanity kind, which is presumably where the assault originated. To create addresses with several leading zeros, we did resort to the use of profanity and an internal tool. He explained our motivation on Twitter: “gas efficiency, not vanity.”

“Moved to a more secure key creation script,” the DEX now boasts. “As we learnt of the Profanity exploit last week, we sped up the ‘old key’ retirement,” Gaevoy said.

Also Read: Biden Declares ‘We Will Support Ukraine’  

Leave A Reply

Your email address will not be published.