🤑 It doesn’t get more affordable. Grab this 60% OFF Black Friday offer before it disappears…CLAIM SALE

Human Error Caused $160M Hack Of Algorithmic Market Maker Service Wintermute, Says CEO

Published 21/09/2022, 14:00
© Reuters.  Human Error Caused $160M Hack Of Algorithmic Market Maker Service Wintermute, Says CEO

The theft of about $160 million from algorithmic market maker service Wintermute was caused due to a “human error,” the company’s CEO Evgeny Gaevoy on Wednesday explained the attack vector was associated with Wintermute’s Ethereum (CRYPTO: ETH) vault, used for on-chain decentralized finance (DeFi) trading operations.

The culprit offered a 10% bounty Additionally, Wintermute has offered a 10% bounty to the hacker, which would be worth 16 million USDC if all the money were to be recovered.

Gaevoy highlighted that this wallet was independent of its centralized finance (CeFi) and over-the-counter (OTC) activities and that none of Wintermute's CeFi or OTC wallets, as well as any of its internal or counterparty data, were impacted or compromised.

Profanity-type exploit brought the attack

Gaevoy said that the assault was most likely brought on by a "Profanity-type exploit" on Wintermute's DeFi vault.

According to a post published by 1inch contributors, Profanity was exploited last week to generate keys on the hacked wallet address.

Internal error caused a loss of $160 million Gaevoy said that the hack Wintermute experienced was caused by an "internal (human) error" after it discovered the Profanity attack.

He added that Wintermute will not be terminating any staff, altering its strategies going ahead, seeking extra funds, or ceasing its DeFi activities despite the financial setback.

Wintermute used Profanity, an open-source tool for creating numerous addresses, together with an internal tool to create an address with several zeroes at the front, when it first set up its DeFi vault and this was due to "gas optimization, not vanity," according to Gaevoy.

He further added that vanity addresses had admin capabilities and the prefix "0x0000000."

Since the disclosure of the attack, security professionals have theorized that this prefix may be exploited by hackers if they gain access to the private key.

In June, Wintermute started avoiding this configuration and used a more secure key-generation process.

Wintermute removed all of its ETH from the hacked vanity address wallet as part of the accelerated process of "retiring" the old key.

However, according to Berkeley ICSI staff researcher Nicholas Weaver, the company “failed to remove this address’s ability to sign for and do other things.”

Moreover, Gaevoy stated that owing to the nature of high-frequency trading, running on-chain trade carries certain dangers that Wintermute was fully aware of.

These risks largely stem from the lack of protections like 2FA-protected key creation or the possibility to employ multisignatures involving high-frequency trading (HFT).

Are you ready for the next crypto bull run? Be prepared before it happens! Hear from industry thought leaders like Kevin O’Leary and Anthony Scaramucci at the 2022 Benzinga Crypto Conference on Dec. 7 in New York City.

© 2022 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.

Read the original article on Benzinga

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.