Wintermute CEO Evgeny Gaevoy provided details about the $160 million exploit. According to him, the exploit was the result of human error: Wintermute did not remove the ability of exposed and compromised addresses to sign and perform actions. Wintermute has offered a $16 million reward for the return of the stolen funds.
According to Mihan Blockchain, quoting The Block, Wintermute CEO Evgeny Gaevoy provided details about the $160 million hack and cited “human error” as the cause.
Wintermute also offered the hacker 10% of the stolen funds as a reward, provided that the hacker returns the assets.
Gaevoy explained on Twitter that the attack was linked to Wintermute's Ethereum vault. This vault is used for on-chain DeFi transactions. Gaevoy emphasized that the wallet operates separately from Wintermute's centralized finance (CeFi) and OTC operations.
Gaevoy further stated that none of the CeFi and OTC wallets were compromised, nor was any of Wintermute’s internal information.
This attack was probably due to a Profanity-related exploit of Wintermute's DeFi vault. Profanity is a tool for creating addresses that contain a few desired characters.
Gaevoy added that the recent hack was due to human error. Despite the damage caused by the hack, Gaevoy said that Wintermute is not going to lay off any employees, change strategy, stop raising more funds, or halt its DeFi activities.
When Wintermute created its DeFi vault, it used Profanity, an open-source tool, to generate multiple addresses, and an in-house tool to generate an address with multiple leading zeros.
Gaevoy said that the reason for doing this was to optimize gas consumption, not to create vanity addresses for their own sake. These vanity addresses are prefixed with 0x0000000. Hackers may be able to use this prefix to calculate and obtain the private keys. In June, Wintermute started moving its vaults away from these types of addresses, using a more secure key generation script.
During the process of “retiring” the old keys, Wintermute transferred all of its Ether holdings out of its leaked vanity address.
In the end, Gaevoy acknowledged that on-chain transactions carry their own risks and that Wintermute was aware of this, but said that protective measures such as key generation with two-factor authentication (2FA) or multi-signature were not implemented because of the nature of HFT (high-frequency trading).
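The gap described above, an old vanity key that was retired but kept its signing rights, is the kind of thing a role inventory audit catches. The following is an added example, not Wintermute's tooling or code from any source cited here; the inventory layout, role names, addresses and the three-zero-byte threshold are all constructed assumptions.

```python
# Added example: flag retired or vanity-style keys that still hold privileges.
# Calldata gas per byte (EIP-2028): 4 for a zero byte, 16 for a non-zero byte.
G_ZERO, G_NONZERO = 4, 16

def _raw(address):
    """Decode a 0x-prefixed 20-byte hex address into bytes."""
    raw = bytes.fromhex(address[2:] if address.lower().startswith("0x") else address)
    if len(raw) != 20:
        raise ValueError("not a 20-byte address: %s" % address)
    return raw

def leading_zero_bytes(address):
    """Number of whole zero bytes at the start of the address."""
    raw = _raw(address)
    return len(raw) - len(raw.lstrip(b"\x00"))

def calldata_saving(address):
    """Gas saved per use as a calldata argument versus an address with no
    zero bytes; this is the optimization the leading zeros were meant to buy."""
    return _raw(address).count(0) * (G_NONZERO - G_ZERO)

def audit(roles, retired, min_zero_bytes=3):
    """roles: {contract: {role: address}}. Returns a list of
    (contract, role, address, reasons) for every grant that needs review."""
    retired = {a.lower() for a in retired}
    findings = []
    for contract, grants in roles.items():
        for role, addr in grants.items():
            reasons = []
            if addr.lower() in retired:
                reasons.append("retired key still holds this role")
            if leading_zero_bytes(addr) >= min_zero_bytes:
                reasons.append("vanity-style prefix: confirm how the key was generated")
            if reasons:
                findings.append((contract, role, addr, reasons))
    return findings

# Constructed sample data (hypothetical addresses and role names).
VANITY = "0x" + "00" * 3 + "0a" + "11" * 16   # starts with 0x0000000
FRESH = "0x" + "ab" * 20
ROLES = {"vault": {"admin": VANITY, "operator": FRESH},
         "hot_wallet": {"owner": FRESH}}
RETIRED = [VANITY]

if __name__ == "__main__":
    for contract, role, addr, reasons in audit(ROLES, RETIRED):
        print(contract, role, addr, "saves", calldata_saving(addr), "gas/use")
        for r in reasons:
            print("  -", r)
```

A finding with both reasons is the case the article describes: funds were moved off the old address, but the address could still act on the vault.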
CertiK said in a blog post that the hack was caused by a leaked private key, not by a vulnerability in smart contracts. CertiK said:
The hacker used a function with a leaked private key to specify that the exchange contract was the contract under the hacker’s control.
As a market maker, Wintermute holds several different cryptocurrencies in its vault. The vault relies on an admin address prefixed with 0x0000000, which analysts believe is a vanity address. At the same time, this vanity address acted as an admin account that approves transactions of the Wintermute vault.
According to a report from the security company SlowMist, the hacker managed to transfer $114 million of the funds to the decentralized exchange Curve.