On September 20, 2022, Wintermute, a UK-based algorithmic market maker, was hacked, losing $162.2 million from its decentralized finance (DeFi) operations, as reported by Merkle Science.
The breach, detected at 06:00 UTC, exploited a vulnerability in a Profanity-generated vanity address, likely compromising the private key of a hot wallet with admin access to Wintermute’s DeFi vault, per Halborn.
The hacker, operating from address 0xe74b28c2eAe8679e3cCc3a94d5d0dE83CCB84705, stole 90 assets, including $61.35 million USDC, $29.46 million USDT, and 671 wBTC ($13.03 million), per Merkle Science. Funds were swapped via Curve.fi (e.g., 9,470,755 BUSD to 9,467,293 DAI) and Uniswap V2, with $114.3 million deposited into Curve’s 3pool to evade blacklisting, and some NFTs purchased, possibly for laundering, per Twitter (@ZachXBT).
Wintermute, providing liquidity to over 50 platforms like Binance and Uniswap with billions in daily volume, remained solvent with over $320 million in equity, per CEO Evgeny Gaevoy’s tweets (@EvgenyGaevoy). Gaevoy offered a 10% bounty ($16 million) for fund return, treating it as a potential “white hat” hack, but no funds were recovered by September 2022.
The incident was one of 295 DeFi hacks in 2022, which together cost $3.1 billion, per Chainalysis. Coming after Nomad’s $190 million loss, it fueled calls for secure key generation, admin privilege revocation, and real-time on-chain monitoring to safeguard DeFi ecosystems.