Yet another major crypto firm has been hacked

Roughly $160 million in various tokens stolen from Wintermute

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Crypto market maker Wintermute has suffered a significant cyberattack that saw the culprits manage to steal $160 million worth of digital assets.

In aTwitter thread, company CEO Evgeny Gaevoy said that the attackers targeted Wintermute’s DeFi proprietary trading operations, which are “completely separate and independent” from its CeFi and OTC operations.

“The attack was in relation to ourwalletused for DeFi proprietary trading operations, which are completely separate and independent from our CeFi and OTC operations. Our internal systems in both Cefi and Defi are not affected, as well as any internal or counterparty data,” he added.

Company remains solvent

Further explaining what had happened, Gaevoy said the attack was “likely linked” to the Profanity-type exploit of its DeFi trading wallet. “We did use Profanity and an internal tool to generate addresses with many zeroes in front. Our reason behind this was gas optimization, not “vanity”,” he added, before stating that the last time the team generated such addresses was in June.

“We have since moved to a more secure key generation script. As we learned about the Profanity exploit last week, we accelerated the “old key” retirement,” Gaevoy stated.

Despite the breach and its damaging effect, Gaevoy said customers shouldn’t be too worried, as funds for customers with Wintermute agreements are safe. The company is still solvent, “with twice over that amount in equity left.”

More crypto wallets are being hacked and drained>2FA compromise led to Crypto.com hack>Here are the best endpoint protection services right now

All in all, the crooks stole 90 different token, including stablecoins USDC and USDT.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

While the investigation is still ongoing, the team is trying to solve this the easy way, by offering the attacker a 10% bounty if they return the remaining funds. In a subsequent tweet, Gaevoy said: “To the hacker, we offer a 10% bounty on funds taken. To make it easy, we propose for you to transfer all of the funds taken through the exploit, save for $16M USDC.”

At press time, no payment has yet been made.

Via:The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Owl Labs Meeting Owl 4+ review