Crypto market creator Wintermute suffered a major cyber attack in which the culprits successfully stole €160 million worth of digital assets.
In a Twitter thread (opens in a new tab), the company's CEO, Evgeny Gaevoy, said the attackers were targeting Wintermute-owned DeFi trading operations, which are "completely separate and independent" from its CeFi and OTC operations. .
"The attack affected our wallet used for proprietary DeFi trading operations, which are completely separate and independent from our CeFi and OTC operations. Our internal systems, both Cefi and Defi, are not affected, as are any data internal or under consideration." he added.
The company remains solvent
Explaining in more detail what happened, Gaevoy said the attack was “probably related” to the Profanity-like exploit from his DeFi trading wallet. "We used Profanity and an internal tool to generate addresses with lots of leading zeros. Our reason behind this was gas optimization, not 'vanity,'" he added, before stating that the last time the team generated such addresses It was in June.
“Since then, we have moved to a more secure key generation script. When we learned of the Profanity exploit last week, we expedited the removal of the 'old key,'” Gaevoy said.
Despite the leak and its adverse effects, Gaevoy said customers shouldn't worry too much, as customer funds with Wintermute deals are safe. The company remains solvent, "with double that amount in equity."
In total, the scammers stole 90 different tokens, including the USDC and USDT stablecoins.
While the investigation is still ongoing, the team is trying to solve this problem in a simple way, offering the attacker a 10% bonus if he returns the remaining funds. In a subsequent tweet, Gaevoy said: “We offer the pirate a 10% reward on the funds taken. To make it easier for you, we offer to transfer all funds raised through the exploit, saving €16 million USDC.
At the time of publication, no payment has yet been made.
Via: The Registry (Opens in a new tab)