Winter Mute, one of the leading market makers in the cryptocurrency industry, has been hacked. A cybercriminal has stolen around $160 million in various company tokens, according to Wintermute CEO. However, the company claims it is solvent and still holds twice as much equity as the amount stolen.
In the web3 world, market makers like Wintermute greases the wheels of crypto trading. They play the essential role of providing liquidity to crypto exchanges and decentralized finance (DeFi) platforms. In crypto, “liquidity“Essentially comes down to how easily a specific asset or token can be traded. Higher liquidity rates allow for more transparent transactions between traders and are an important indicator of the overall health of a market. In short: market makers keep things run slowly, and they are a vital service in the functioning of exchanges. Of course, things don’t go so well if your market maker gets robbed.
On Tuesday, Wintermute founder and CEO Evgeny Gaevoy took to Twitter to alert users to the recent theft. “We were hacked for around $160 million in our challenge operations. Cefi and OTC operations are not affected,” Gaevoy said.
According to the CEO, an unknown hacker managed to steal 90 tokens from the company’s wallet and transfer them to his own. Etherscan shows and that the hacker seized a multitude of different assets – Tether, USDcoin, Wrapped ETH and Dai stablecoin – and the criminal’s wallet is apparently dubbed “Wintermute Exploiter”.
Gaevoy assured users that their money is safe: “If you have a [market maker] agreement with Wintermute, your funds are safe. There will be a disruption in our services today and potentially for the next few days and we will return to normal after that,” he said on Tuesday.
How did the hacker gain access to company coins? This part is a mystery. Gaevoy and Wintermute did not share any technical details about what happened. However, some security analysts have speculated that the hack happened via a hot wallet compromise following a recent bug discovered in Profanity, a popular cryptographic tool used to generate wallets. Exploitation of the bug has already led to other hacks.
Unfortunately, this isn’t the first time Wintermute has had issues with parts disappearing.. In June, the market maker was responsible for the evaporation of some 20 million dollars in Optimism (or “OP”). After being engaged to provide initial liquidity for the launch of the asset, Wintermute failed to deploy a routine security mechanism. This failure left OP’s $20 million trapped in a wallet and, like Wintermute fumbled to get it out, a cybercriminal swiped the tokens. Wintermute took full responsibility for the episode, offering to buy an amount equivalent to the money lost. Later, however, the hacker revenue most stolen cryptos.
In this particular case, it is not clear whether Wintermute has been in contact with law enforcement or has opened a dialogue with the hacker (like some crypto exchanges have done, in the old days). Gaevoy said Wintermute would be prepared to treat the breach as a “white hat” hack and allow the hacker to keep some of the stolen funds if the majority were returned. We’ve reached out to the company for more information and will update this story if it does. respond.