Renowned U.K.-based crypto market maker Wintermute experienced a $160 million breach last week in its DeFi operations. According to on-chain data, tens of millions of dollars’ worth of Dai, USDC, Tether, Wrapped ETH, and other assets were drained from the platform to a wallet address marked as a “Wintermute Exploiter.”
While the company went on to offer a 10% bounty to the hacker on the illegally obtained funds and characterize the breach as a “white hat” event, a recent study raises the possibility that this was an inside job.
According to Librehash analyst James Edwards, the hacker couldn’t have been a random outsider who “simply recovered the private key to an unsafe externally owned address that the team failed to revoke admin permissions for.” After observing the interactions between the platform’s smart contracts, Edwards claimed that it looks like the hack was carried out by an internal party.
6c/ Keep in mind these transactions were only ONE minute apart. 5:06, 5:07, 5:08 p.m., consecutively.
Withdrawals from these exchanges were executed 3 minutes after the 'hacker' swept all the $USDT out the address. pic.twitter.com/tdmAOnqVdM
— James Edwards (@librehash) September 26, 2022
In other words, it is abundantly evident from the relevant EOA-initiated transactions that the hacker was most likely a Wintermute team member.
The controversial nature of the Wintermute exploit
According to Edwards, the transfer of 13.48 million USDT from the Wintermute smart contract address to the smart contract that was allegedly created and managed by the Wintermute hacker is controversial in nature.
Edwards questioned the project’s transparency while pointing out that the Wintermute smart contract in question lacked uploaded, verified code, making it impossible for the community to prove that the hacker was not an internal employee. Interestingly, a ny smart contract implemented on a blockchain and is in charge of managing user or customer funds is often open to public verification.
After performing a more thorough examination and sorting through the decompiled bytecode, the analyst allegedly discovered that the code was inconsistent with what was allegedly hacked.
The CEO and founder of Wintermute, Evgeny Gaevoy, was also the target of a jab from Edwards, who described the executive’s explanation as “rushed, hasty, and sloppily published,” leaving the impression that the team was “relieved” for possibly pulling off a million dollar heist with “little to no scrutiny.”
BlockchainFX is the world’s first crypto exchange connecting traditional finance with blockchain. Join the $BFX presale today and secure your chance for 100x gains!
Join Now