Crypto Biz Wintermute Loses $160 Million In Cyber Heist

Cryptocurrency market maker Wintermute says $160 million in digital assets have been stolen from it in a cyber-heist, though it assures customers that everything’s fine.

CEO Evgeny Gaevoy admitted on Twitter that Wintermute was suffering from an “ongoing hack” affecting its decentralized finance (DeFi) operations, while its centralized finance and over-the-counter trading operations were unaffected. 

“There will be a disruption in our services today and potentially for next few days and will get back to normal after,” Gaevoy said. He added that funds for customers with Wintermute market maker agreements were safe and that the company, which provides liquidity in the crypto-coin world and trades billions of dollars a day, was still financially solvent “with twice over that amount in equity left.” 

That said, interestingly enough, it’s reported that, judging from blockchain records, Wintermute has more $200 million in outstanding DeFi debt to various parties.

Gaevoy said 90 forms of digital asset, totaling $160 million, were snatched in the attack by miscreants. This includes $114 million in USDC and USDT stablecoins, it’s reported.

As has been the case with some past cryptocurrency robberies, Wintermute is treating the attack as a “white hat” operation, suggesting that if the attacker reaches out to the company they’re willing to not prosecute, and even potentially let the thief keep some of their stolen funds if the rest is returned.

Self-declared “on-chain sleuth” ZachXBT claims to have pinpointed the attacker’s Ethereum wallet with the precision and speed of Wintermute’s namesake, tweeting its address just 11 minutes after Gaevoy’s first tweet announcing the hack. The stolen funds still appear to be in the wallet as of writing, and it’s unlikely whether Wintermute, or anyone else, can determine the responsible party from wallet address alone.

The Register has reached out to Wintermute to learn more about the attack and whether the crook has responded to its amnesty offer.

Welcome to the club, Wintermute

The consensual hallucination that is cryptocurrency has been well-fingered by cybercriminals, who routinely log off with tens of millions of dollars in tokens and coins during heists that can be nearly impossible to solve. 

Last month, cryptocurrency bridge service Nomad was drained of $190.7 million worth of crypto tokens used to handle cross-blockchain transfers, while $320 million in Ethereum was stolen from bridge service Wormhole early this year. Additional hacks have netted criminals as much as $600 million, which was stolen from the Ronin Bridge service in April. 

Blockchain security company CertiK estimates that approximately $1.3 billion worth of cryptocurrency was lost due to hacks and scams in 2021 alone, a 2,500 percent increase from 2020. 

The FBI has urged caution around DeFi, saying that cyber criminals “are increasingly exploiting vulnerabilities in DeFi platforms to steal cryptocurrency, causing investors to lose money.” 

According to the Feds’ warning, nearly $1.3 billion was stolen from DeFi operations between January and March of this year – the same as the entirety of 2021. ®