After encountering a massive $160M DeFi hack yesterday, Wintermute’s CEO, Evgeny Gaevoy, took to Twitter to share more details about the exploit, alongside offering a 10% bounty on funds stolen by hackers.
Wintermute CEO Offers $10M Bounty To Hackers
In a comprehensive Twitter thread, Gaevoy unveiled details about the recent DeFi exploit that resulted in Wintermute losing $160 million worth of funds. The attack was directed toward the firm’s wallet used for DeFi proprietary trading operations. Gaevoy later stressed how the firm’s internal CeFi and OTC operations were not affected and are separate from its DeFi procedures.
Gaevoy further revealed that the hack was most likely linked to a profanity-type exploit that enables users to create multiple vanity ETH addresses. According to Blockworks Research, “Profanity lets users randomly pick 1 out of 4B seed private keys. Then the user can expand it deterministically to 2M private keys before deriving public keys from the private keys. Profanity then loops through keys until a user gets the desired ETH address. “
The research platform further revealed how a 1inch blog post had earlier found a potential bug in the profanity wallet generator tool that could later result in a loss of millions of dollars. Similar to this, the platform reported that this is precisely how the hacker may have found Wintermute’s vanity address before looping to get the remaining numbers of the firm’s ETH address.
According to CNBC, a total of 90 different assets were stolen by hackers in the $160 million DeFi hack, out of which nearly $114 million were in the form of USDC and USDT stablecoins. Currently, Gaevoy is offering a $10 million bounty to the hackers and has shared a crypto address via Twitter for the scammer to respond and transfer all the firm’s stolen funds.
Wintermute is currently in crisis mode. The firm owes nearly $200 million to multiple DeFi lenders, including a $92 million Tether loan issued by TrueFi, a $75 million debt owed to Maple Finance, and another $22.4 million owed to Clearpool.