Profanity Could Be the Reason for Hacking $160 Million Crypto Trading Company Wintermute

Profanity Could Be the Reason for Hacking $160 Million Crypto Trading Company Wintermute

Wintermute, a London-based cryptocurrency company that handles billions of dollars in digital assets daily, lost $160 million in a hack early Tuesday. Founder and CEO Evgeny Gaevoy says he learned of the hack a few minutes after it happened, around 6:00 AM London time. An hour later, he announce The theft on Twitter without mentioning how it happened. Finally, the hacker stole nearly $120 million of Wintermute’s “stable coins” including USDC and USDT, $20 million in bitcoin and ether, and another $20 million in lesser-known cryptocurrencies.

Gaevoy explained to Forbes That while the investigation is still ongoing, it is possible that the hack originated with a service called Profanity, which creates “privileged addresses” for digital cryptocurrency accounts to make it easier to deal with. Other than that, cipher computations are roughly made up of 30-character strings of assorted letters and numbers. Last week, a blog was posted by another crypto company open Vulnerability with profanity code. The crux of the problem: anyone with enough computing power can generate all possible keys or passwords generated for a profanity-specific address. Then they can check the linked accounts to see how much money they are holding and steal the money.

Wintermute was using profanity not to create easy-to-remember names for digital accounts, but to cut trading transaction costs, since that’s another advantage of the profanity service, says Gaevoy. When Wintermute learned of the vulnerability last week, they took steps to technologically “blacklist” their vulnerabilities, protecting them from liquidation. However, due to their human error, not one of the 10 accounts was blacklisted, according to Gaevoy, likely resulting in the theft of $160 million.

These trading accounts were part of Wintermute’s “Decentralized Finance” or DeFi business, where fast trades are made on decentralized exchanges such as Uniswap and Sushi Swap that are not controlled by a single entity. Because the DeFi ecosystem is new, highly experimental and designed to be more openly available than traditional finance, it does not have the same safeguards that centralized exchanges like Coinbase do. “You don’t have any breakers. You don’t have any two-factor authentication to help store your keys,” Jayfoy says.

In 2021, DeFi hack totaled $1.3 billion, according to Research by Certik security company. Chainalysis Inc. Estimates North Korea-linked groups stole $1 billion in DeFi protocols in the first eight months of 2022.

Some tried-and-true security practices in cryptography, such as the use of external hardware wallets or “multi-signature” applications that need a digital signature by multiple parties before a transaction is approved, cannot be used for the kind of automated trading that Wintermute does. “You need to sign transactions right away, within seconds,” says Jivewe. So they had to invent their own technical tools and security protocols. “In the end, this is the risk we took. It was calculated.” DeFi has been a thriving part of Wintermute’s business in previous years. “It didn’t work out this year,” he admits.

Wintermute’s CEO has some clues about the identity of the hacker, and he’s investigating it “internally and using external partners.” He hopes the hacker will become a “white hat” that will return most of the money, and is now offering a 10% reward, or $16 million, if the hacker returns the remaining $144 million. he is chirp Wintermute “prefers to solve this problem in a simple way, but the window of opportunity to do so is closing fast due to the high profile of this exploit.”

Despite the new $160 million hole in its balance sheet, Jayvoy says Wintermute is in a healthy financial position, with more than $350 million in equity. “We are one of the very few crypto-owned trading companies that can actually take this punch,” the CEO says. For two hours after the hack, the company paused its over-the-counter trading desk, which facilitates large transactions between third parties. But that resumed his normal work.


#Profanity #Reason #Hacking #Million #Crypto #Trading #Company #Wintermute

Leave a Comment

Your email address will not be published. Required fields are marked *