
Wintermute crypto-heist

Updated on 2022-10-31: One month later, the Profanity vulnerability is still claiming new victims

More than a month after 1inch Network disclosed a severe vulnerability in Profanity, a tool to generate vanity (customized) Ethereum addresses, cryptocurrency platforms are still getting hacked and losing funds to a vulnerability everyone told them to take seriously.

The latest platform to add its name to the list of Profanity victims is DeFi platform FriesDAO, which confirmed on Friday that it lost $2.3 million worth of cryptocurrency tokens after an attacker took control over one of its smart contracts through “a profanity attack vector.”

FriesDAO joins the likes of Wintermute (which lost $160 million), QANplatform (lost $2 million), Indexed Finance (lost $3.3 million), and REFI (lost $300,000).

The Profanity tool allows users to generate Ethereum addresses that contain custom text in the public address. The tool was typically used for branding purposes, to generate addresses that contained a person or company’s name, either at the start, middle, or end of the address.

Profanity did this by iterating through millions of candidate private keys until it found one that generated a public Ethereum address of a user’s liking.

The user would then take this public address and use it to store funds or smart contracts and use the private key to authenticate themselves as the owner of that address or smart contract.

In layman's terms, the Profanity vulnerability allows a threat actor to reproduce this process and determine the private key of a vanity Ethereum address that was generated in the past through the app.

This entire process is pretty fast and simple, according to reports, and all an attacker has to do is identify vanity addresses on the Ethereum blockchain.

For cryptocurrency platforms, scanning their own infrastructure for vanity addresses should be pretty simple since, well, it’s their own infrastructure, and they should know what exactly they are running. But as new hacks come to light, it’s apparently something that the cryptocurrency community can’t be bothered with these days.
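The inventory scan described above, sketched as an added example that is not part of the original article or of any tool it mentions: it flags addresses in a platform's own inventory that look customised at the start, middle, or end. The sample inventory, the `MIN_RUN` threshold, and the brand word `c0ffee` are constructed assumptions.

```python
import re

ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")
MIN_RUN = 5  # assumed threshold: a 5-nibble edge run occurs by chance ~1 in 65,536

# Constructed inventory of addresses an organisation controls (not real accounts).
SAMPLE_INVENTORY = {
    "treasury-hot": "0x" + "0" * 8 + "a3f19c7d2e4b8056c1d9e7f3a2b4c6d8",
    "deployer": "0x7c1e9a04b6d25f83e0a917c46b3d8f2e5a60c4d1",
    "fee-collector": "0x5b2f9ec0ffee41d7a8302b96e5c1f47d03a98e6b",
}

def edge_run(s):
    """Length of the run of s[0] at the start of s."""
    return len(s) - len(s.lstrip(s[0]))

def longest_run(s):
    """Length of the longest run of one repeated character in s (0 if empty)."""
    return max((len(m.group(0)) for m in re.finditer(r"(.)\1*", s)), default=0)

def vanity_findings(address, brand_words=()):
    """Return the reasons an address looks customised; an empty list if none."""
    if not ADDRESS_RE.fullmatch(address):
        raise ValueError(f"not a 20-byte hex address: {address!r}")
    body = address[2:].lower()
    lead, trail = edge_run(body), edge_run(body[::-1])
    findings = []
    if lead >= MIN_RUN:
        findings.append(f"leading run of {lead} x '{body[0]}'")
    if trail >= MIN_RUN:
        findings.append(f"trailing run of {trail} x '{body[-1]}'")
    middle = body[lead:len(body) - trail]  # empty when one run covers the address
    if longest_run(middle) > MIN_RUN:  # stricter: many more positions to land in
        findings.append(f"internal run of {longest_run(middle)} repeated nibbles")
    for word in brand_words:  # short words also match by chance; use 6+ characters
        pos = body.find(word.lower())
        if pos != -1:
            findings.append(f"contains '{word}' at offset {pos}")
    return findings

def audit(inventory, brand_words=()):
    """Map each flagged label to its findings, for review against key records."""
    report = {label: vanity_findings(addr, brand_words)
              for label, addr in inventory.items()}
    return {label: why for label, why in report.items() if why}

if __name__ == "__main__":
    for label, why in audit(SAMPLE_INVENTORY, brand_words=("c0ffee",)).items():
        print(f"{label}: {'; '.join(why)}")
```

A flag only means the address looks customised; whether its key came from Profanity has to be confirmed from the team's own key-generation records, and an unflagged address is not proof that it did not.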

Updated on 2022-09-25: Wintermute hacked, $160 million stolen

The only thing more frequent than a Twitter security incident is a web3 security incident. This week’s heist landed at Wintermute’s door, with $160 million in crypto funds stolen. Per The Record, Wintermute is a “market maker” for cryptocurrency platforms, an organization that holds a large inventory of a particular asset to keep the market liquid by ensuring that traders have someone to buy and sell with. Read more: Cryptocurrency company Wintermute says hackers stole $160 million

Updated on 2022-09-23

A large-scale attack on the cryptocurrency trading company Wintermute has left an estimated $160 million in the hands of the adversary. Although it is unclear how the attacker or attackers will proceed, you can see their (very full!) wallet here.

Updated on 2022-09-21: Crypto Trader Wintermute Loses $160M to Hackers

London-based cryptocurrency trader Wintermute has reportedly lost about $162 million in digital assets from its decentralised finance (DeFi) operations to hackers. The company remains solvent. CEO Evgeny Gaevoy tweeted “We’ve been hacked for about $160M in our defi operations. Cefi and OTC operations are not affected”. “We are solvent with over twice that amount in equity left”. Blockchain cybersecurity company Certik has said that a vulnerability known about since at least January was likely behind the hack. Certik said the hack was due to a leaked or brute-forced private key, and not a smart contract vulnerability, and that a vulnerability in the popular Profanity vanity address generator was probably at fault in the hack.

Cryptocurrency DeFi platform Wintermute said it was hacked and lost $160 million in a security breach that took place on Tuesday, September 20.

Most of the cryptocurrency security space appears to believe the attacker exploited a recently-disclosed vulnerability in an Ethereum vanity address generator tool to steal funds from Wintermute’s main ETH wallet.

Wintermute’s CEO said the company remains solvent and said they are still open to the idea of offering a bug bounty payout to the attacker if they return the stolen funds.
