London-based cryptocurrency-trading platform Wintermute saw cyberattackers take off with $160 million this week, likely due to a security vulnerability found in a partner’s code. The incident showcases deep concerns around implementing security for this finance sector, researchers say.
Wintermute founder and CEO Evgeny Gaevoy took to Twitter to say that the heist was aimed at the company’s decentralized finance (DeFi) arm, and that while the incident might disrupt some operations “for a few days,” the company is not existentially impacted.
“We are solvent with twice over that amount in equity left,” he tweeted. “If you have a [money-management] agreement with Wintermute, your funds are safe. There will be a disruption in our services today and potentially for the next few days, and we will get back to normal after.”
He also said that about 90 assets were hit, and appealed to the culprit: “We are (still) open to treat this as a white hat [incident], so if you are the attacker — get in touch.”
Meanwhile, he explained to Forbes that the “white hat” comment means that Wintermute is offering a $16 million “bug bounty,” if the cyberattacker returns the remaining $144 million.
Filled With Profanity
He also told the outlet that the theft likely traces back to a bug in a service called Profanity, which allows users to assign a handle to their cryptocurrency accounts (normally account names are made up of long, gibberish strings of letters and numbers). The vulnerability, disclosed last week, allows attackers to uncover keys used to encrypt and pry open Ethereum wallets generated with Profanity.
Wintermute was using 10 Profanity-generated accounts to make rapid trades as part of its DeFi business, according to Forbes. DeFi networks connect various cryptocurrency blockchains to create a decentralized infrastructure for borrowing, trading, and other transactions. When news of the bug broke, the crypto firm tried to take the accounts offline, but due to “human error,” one of the 10 accounts remained vulnerable and allowed the attackers into the system, Gaevoy said.
“Some of these [DeFi] technologies also involve third-party integrations and connections where the company may not have the ability to control the source code, leading to additional risk for the company,” Karl Steinkamp, director at Coalfire, tells Dark Reading. “In this instance, a vanity digital asset address provider, Profanity, was leveraged in the attack … An expensive and preventable mistake for Wintermute.”
DeFi Exchanges Will Grow as a Target
Analysts with Bishop Fox earlier this year found that DeFi platforms lost $1.8 billion to cyberattacks in 2021 alone. With a total of 65 events observed, 90% of the losses came from unsophisticated attacks, according to the report, which points to the difficulty of locking down a sector that relies on automated transactions.
And, just last month, the FBI issued a warning that cybercriminals are increasingly exploiting vulnerabilities in DeFi…
Read More: www.darkreading.com