Wintermute hacked for $160M, CEO offers the hacker 10% bounty to return stolen funds

Evgeny Gaevoy, CEO and founder of Wintermute, announced on Tuesday a security breach of the company's platform in which hackers stole $160 million worth of assets.

Wintermute is a global algorithmic market maker in digital assets based in the UK. The incident was disclosed to the public when Gaevoy issued a statement on Twitter: “We’ve been hacked for about $160M in our defi operations. Cefi and OTC operations are not affected.”

Gaevoy added that the company is solvent, with over twice the stolen amount left in equity. He went on to reassure the community that lenders are welcome to withdraw their funds at any point, and that no major selloff threatens any of the stolen assets.

Gaevoy and multiple sources claim that the hack resulted from a Profanity-type exploit. Profanity is a popular tool which, according to his statements, Wintermute used to generate multiple wallets with customized formats for the purpose of optimizing gas fees.

Mudit Gupta, a blockchain security researcher and CISO for Polygon, explains that Wintermute’s admin wallet address is a vanity address that begins with a string of zeros, possibly generated with Profanity, a well-known but buggy vanity address generator.

He speculates that the admin wallet address was likely compromised, as the vault allows only admins to make transactions of the kind seen in the hack.
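As an added example (not from the article, Wintermute or Gupta), a defender's inventory check based on the pattern described above: flag addresses that begin with a run of zero bytes, so that any produced by a vanity generator can be reviewed and rotated, and show the calldata gas such an address saves. The addresses, labels and the two-byte threshold are constructed assumptions; the gas constants are the standard EIP-2028 calldata costs.

```python
ZERO_BYTE_GAS = 4      # calldata gas per zero byte (EIP-2028)
NONZERO_BYTE_GAS = 16  # calldata gas per non-zero byte (EIP-2028)

def address_bytes(addr: str) -> bytes:
    """Parse a 0x-prefixed 20-byte hex address; raise ValueError if malformed."""
    if not addr.lower().startswith("0x"):
        raise ValueError(f"missing 0x prefix: {addr!r}")
    raw = bytes.fromhex(addr[2:])  # raises ValueError on bad hex
    if len(raw) != 20:
        raise ValueError(f"expected 20 bytes, got {len(raw)}: {addr!r}")
    return raw

def leading_zero_bytes(addr: str) -> int:
    raw = address_bytes(addr)
    return len(raw) - len(raw.lstrip(b"\x00"))

def calldata_gas(addr: str) -> int:
    """Gas charged for the 20 address bytes when passed as calldata."""
    zeros = address_bytes(addr).count(0)
    return zeros * ZERO_BYTE_GAS + (20 - zeros) * NONZERO_BYTE_GAS

def audit(inventory, min_zero_bytes=2):
    """Return vanity-looking entries, privileged ones first.

    A uniformly random address starts with two zero bytes about once in
    65,536 cases, so the default threshold (an assumption) rarely fires
    on ordinary keys.
    """
    findings = []
    for entry in inventory:
        zeros = leading_zero_bytes(entry["address"])
        if zeros < min_zero_bytes:
            continue
        findings.append({
            "label": entry["label"],
            "leading_zero_bytes": zeros,
            "gas_saved": 20 * NONZERO_BYTE_GAS - calldata_gas(entry["address"]),
            "severity": "high" if entry["privileged"] else "review",
        })
    return sorted(findings, key=lambda f: (f["severity"] != "high", -f["leading_zero_bytes"]))

# Constructed sample inventory; these are not real wallet addresses.
SAMPLE_INVENTORY = [
    {"label": "hot-wallet", "address": "0x" + "00" * 3 + "1f" * 17, "privileged": False},
    {"label": "vault-admin", "address": "0x" + "00" * 4 + "c3" * 16, "privileged": True},
    {"label": "treasury", "address": "0x" + "7a" * 20, "privileged": True},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(finding)
```

A flagged entry is only a prompt to confirm how the key was generated; the prefix alone does not prove a particular tool was used.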

Blockchain Intelligence Group’s Investigation

The main attack drained $160M worth of tokens from Wintermute. 90 different types of assets were stolen, some of which are worth over $1M.

Mapped out transactions of the funds stolen from Wintermute

The hacker swapped TUSD and BUSD tokens into 12.6M DAI tokens, then added 29.4M USDT, 23.6M DAI and 61.3M USDC to the 3Crv LP over 3 transactions in exchange for nearly 111.95M 3Crv tokens valued at over $114.4M USD.

The reason behind the deposit is debated. Gupta suggests that the hacker is attempting to avoid any freezing or blacklisting.

The remaining crypto – encompassing a variety of tokens adding up to around $46,000 – remains in the hacker’s wallet, which currently stands at approximately $162M.

Wintermute, according to Gaevoy, is still open to considering the breach as a “white hat” situation, in which the hacker returns the cash and receives compensation for exposing a vulnerability.

Written By: Omar Marzouk
Writer, Content marketing at Blockchain Group

