Wintermute, one of the most prominent market makers in the cryptocurrency industry, has been hacked. A cybercriminal stole approximately $160 million in various tokens from the company, according to Wintermute’s CEO. However, the company claims it is solvent and still holds twice as much equity as the amount that was stolen.
In the world of web3, market makers like Wintermute play the critical role of providing liquidity to crypto exchanges and decentralized finance (DeFi) platforms. In crypto, “liquidity” basically amounts to the ease at which a specific asset or token can be traded. Higher rates of liquidity allow for more seamless transactions between traders and are an important indicator of a market’s overall health. In short: market makers keep things running smoothly, and they’re a vital service in the operation of exchanges. Of course, things don’t run so smoothly if your market maker gets robbed.
On Tuesday, Wintermute’s founder and CEO, Evgeny Gaevoy, took to Twitter to alert users about the recent theft. “We’ve been hacked for about $160M in our defi operations. Cefi and OTC operations are not affected,” said Gaevoy.
According to the CEO, an unknown hacker managed to steal 90 tokens from the company’s wallet and transfer them to the hacker’s own. Etherscan shows and that the hacker grabbed a host of different assets—Tether, USDcoin, Wrapped ETH, and Dai stablecoin—and that the criminal’s wallet is apparently dubbed “Wintermute Exploiter.”
Gaevoy has assured users that their money is safe: “If you have a [market maker] agreement with Wintermute, your funds are safe. There will be a disruption in our services today and potentially for next few days and will get back to normal after,” he said Tuesday.
How did the hacker gain access to the company’s coins? That part is still a mystery. Gaevoy and Wintermute have shared no technical details about what happened. However, some security analysts have speculated that the hack occurred via a hot wallet compromise as a result of a recently discovered bug in Profanity, a popular cryptographic tool used to generate wallets. Exploitation of the bug has already led to other hacks.
Unfortunately, this isn’t the first time Wintermute has had troubles with disappearing coins. In June, the market maker was responsible for the evaporation of some $20 million in Optimism (or, “OP”). After being contracted to provide initial liquidity for the launch of the asset, Wintermute failed to deploy a routine security mechanism. This failure allowed the $20 million in OP to become trapped in a wallet and, as Wintermute fumbled to get it out, a cybercriminal swiped the tokens. Wintermute took full responsibility for the episode, offering to buy an equivalent amount of the money lost. Later, however, the hacker returned most of the stolen crypto.
In this particular case, it isn’t clear whether Wintermute has been in touch with law enforcement or has opened a dialogue with the hacker (as some crypto exchanges have done, in the past). Gaevoy said Wintermute would be willing to treat the breach as a “white hat” hack and allow the hacker to keep some of the pilfered funds should the majority be returned. We reached out to the company for more information and will update this story if it responds.