The founder and CEO of Wintermute, a cryptocurrency market maker based in the UK, Evgeny Gaevoy, claims that the company was the most recent victim of decentralized finance (DeFi) hack and suffered a loss of almost $160 million.
Due to the hacker(s) draining funds from the company’s DeFi operations, neither the over-the-counter nor centralized finance operations were impacted. The market maker is solvent, according to Gaevoy, and has equity that is twice as large as the amount that was stolen. He emphasized that the users’ funds are secure.
Wintermute hack affecting 70 different tokens
Wintermute is an algorithmic market maker that specializes in digital assets like cryptocurrency. The group is a UK-registered company based in Cheshire that is regulated by the Financial Conduct Authority. According to Companies House, Evgeny Gaevoy owns “more than 25%, but not more than 50%” of the company.
According to Etherscan, “Wintermute exploiter” has collected over 70 different tokens, including $61,350,986 in USD Coin (USDC), 671 Wrapped Bitcoin (wBTC), which is around $13,030,061, and $29,461,533 Tether (USDT). The most valuable token appears to be USDC.
“The nature of the exploit suggests that Wintermute’s hot wallet was compromised,” Ajay Dhingra, head of research and analytics at smart exchange Unizen, said. “This incident again brings focus on tightening the screws around smart contract security, which is an uncharted territory as of now.”
Suspected white-hat hack
Gaevoy, a Dutch national, stated in the short tweet thread that the breach could be classified as a white-hat attack. The offender may contact Wintermute to share the vulnerabilities they uncovered in order to avert future breaches.
White hat hacking is popular in the cryptocurrency industry. Hacker bounties are sometimes rewarded by exchanges, market makers, and organizations in the form of cash or career opportunities.