Hackers have taken digital assets worth over $160 million from cryptocurrency trading company Wintermute in the latest crypto crime to attack the decentralised finance (DeFi) sector.
Unauthorized transfers of USD Coin, Binance USD, Tether USD, Wrapped ETH, and 66 other cryptocurrencies to the attacker’s wallet were part of the hack.
The business claimed that the security problem had no effect on its centralised finance (CeFi) and over-the-counter (OTC) activities. It omitted saying when the hack occurred.
The digital assets market maker, which supplies liquidity to numerous exchanges and cryptocurrency platforms, warned of service disruption in the coming days but emphasised that it is “solvent with double that amount in equity left.”
Evgeny Gaevoy, the company’s founder and CEO, tweeted, “If you are the attacker, get in touch. We are (still) open to treat[ing] this as a white hat.”
Gaevoy stated that the attack was probably brought on by a “Profanity-type exploit” in its trading wallet, while specifics of the exploit technique used to prolong the hack are yet unknown.
On September 16, 2022, bad actors used the attack vector to steal $3.3 million from Ethereum addresses created with profanity.
The Wintermute breach is the most recent assault on DeFi protocols; others in recent months include those on Axie Infinity, Harmony Horizon Bridge, Nomad, and Curve.Finance. Some of these thefts have been linked to the Lazarus Group, which receives support from North Korea.
In 2021 alone, security events that hammered DeFi systems caused losses of $1.8 billion, according to a Bishop Fox assessment released in May 2022. The services also experienced an average of five hacks each month.
The majority of the time, the attack was caused by a flaw in the protocol’s logic or smart contracts, the business said. “The breach of wallets and their private keys was another significant vector.”