Experts Link $160M Stolen from Wintermute to Vulnerability in Ethereum Address Generator

An attacker who stole $160 million from market maker Wintermute exploited a vulnerability in the Profanity tool. This conclusion was reached by the head of information security at Polygon, Mudit Gupta.

The Profanity tool made it possible to generate human-readable Ethereum addresses (vanity addresses) containing words, names, or phrases. Work on the tool was abandoned several years ago, but the wallets created with it are still functioning.

The Wintermute asset theft incident happened on 20 September. The market maker retained solvency.

Platform CEO Evgeny Gaevoy emphasized that the attack was aimed at DeFi operations. The hacker emptied the company's Ethereum vault, which is built on smart contracts.

According to Gupta, the vulnerability allowed the attacker to calculate the private keys of the vault administrator's address. That address started with the prefix “0x0000000”, which is typical for vanity addresses.

“The vault only allows administrators to perform these transfers, and the Wintermute hot wallet, as expected, filled this role. […] The address was probably compromised,” the specialist explained.

The expert suggested that the firm’s employees transferred all the Ethereum from the wallet with the vanity address before the hack, perhaps as a precautionary measure after the vulnerability in the Profanity tool was discovered. At the same time, the market maker did not change the administrator rights, he added.

Experts from SlowMist came to similar conclusions.

“$160 million was stolen from Wintermute, probably due to the use of a wallet generated by the Profanity service (starting at 0x0000000),” they emphasized.

Experts discovered that the hacker transferred $114 million of the stolen $160 million to the Curve decentralized exchange.

Speaking to The Block, Gupta suggested that Wintermute was using a vanity address because of its efficiency in making transactions. Gaevoy confirmed this conjecture, pointing to gas savings.