Wintermute CEO Renews Plea for Hacker to Return Stolen Funds

Hack Traced to Bug in Wallet Addressing Tool

The chief executive of cryptocurrency trading firm Wintermute renewed his plea to the cyberthief who stole $160 million to return the digital assets, writing that the hacker could keep 10% of the pilfered amount.


The hack affected the London-based market maker's decentralized finance operation, CEO Evgeny Gaevoy acknowledged earlier this week while stressing the company's solvency (see: Hacker Plunders $160M From Crypto Market Maker Wintermute).

In a follow-up set of tweets, Gaevoy asserted the company has multiple leads on the responsible party. Wintermute "would prefer to resolve this in a simple way, but the window of opportunity to do so is closing fast due to the high profile of this exploit," he wrote.

"To make it easy, we propose for you to transfer all of the funds taken through the exploit, save for $16M," Gaevoy said, and posted a wallet address. Hacked cryptocurrency platforms often ask for stolen funds to be returned and sometimes even get them, as in the case of a hacker who in 2021 returned $610 million stolen from the Poly Network. "I am not very interested in money," the hacker claimed.

Wintermute supplies liquidity to cryptocurrency trading by holding digital assets in internet-connected wallets and tapping into them when necessary to ensure the execution of large deals. The company is among the largest cryptocurrency market makers. Its centralized finance exchange and over-the-counter trading operations were halted for some time as a risk management precaution but fully resumed Tuesday afternoon, Coordinated Universal Time, the company said. The liquidity provision services for blockchain projects are also functioning normally, it added.

Gaevoy supplied additional details about the hack, saying it was linked to a vulnerability created by a wallet addressing tool called Profanity. The bug was publicly disclosed on Sept. 15 by 1inch Network. It stems from how Profanity hashes wallet public keys to generate a blockchain address and allows attackers to recover the private encryption key necessary to drain a wallet of funds.

Gaevoy says the company last used the Profanity tool to generate wallet addresses in June and accelerated retirement of the encryption keys, but along the line it made an error he attributes to a human rather than to an automated process.

"As advanced as our tech may be, most of the exploits come from human errors," Gaevoy wrote, adding that Wintermute continuously invests in "processes to minimize human impact."


About the Author

Mihir Bagwe


Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.



