Crypto market maker has suffered a hack in its DeFi operations, stealing $160 million in cryptocurrency. The hacker then transferred all USDT, USDC, DAI stablecoins, worth about $100 million USDinto the Curve liquidity pool to avoid being blacklisted like Tornado Cash. With that amount of damage, Wintermute became the 5th largest crypto hack in 2022.
However, only DeFi wallets were affected while CeFi and MM wallets remain secure, Wintermute said. According to CEO Evengy Gaevoy, Wintermute stays solvent as it still holds twice as much equity. Then on Sep 21, Evengy Gaevoy shared more information about the attack. The CEO admitted that the exploit was caused by human error, whereby Wintermute did not remove the ability of the compromised address to sign and make actions.
More specifically, the hacker took advantage of a vulnerability related to Wintermute’s Profanity address. This error was warned by 1inch exchange last week. Wintermute was also aware of this risk and moved their funds but error still occurs, allowing the hacker to steal funds.
Even so, Evengy Gaevoy said he would not blame his team and would not fire anyone. “And this is what we are planning to do. No lay-offs. No strategy changes. No emergency fundraise. Not giving up on defi”, he wrote.
To the hacker, Evengy Gaevoy also offered a 10% bounty on funds taken if he accepted to return the funds.
In related news, CoinDesk claims Wintermute has over $200 million in DeFi debt to several protocols, including: 92 million USDT to TrueFi; $75 million in USDC and WETH to Maple Finance; and $22.4 million to Clearpool.
Evengy Gaevoy asserted that Wintermute is still paying off its DeFi debts on time, despite having to pay high interest rates.
Follow our channels for more crypto news: