Key Takeaways

Wintermute has been hacked for $160 million.
The hackers targeted the firm’s DeFi operations. Its centralized activity and over-the-counter services are unaffected.
Wintermute founder and CEO Evgeny Gaevoy has said the firm is still solvent and user funds are safe.

Gaevoy said that the firm would be open to treating the incident as a white hat attack. 

Wintermute Hit for $160M 

Wintermute has been hacked for $160 million, the company’s founder and CEO Evgeny Gaevoy has confirmed. 

We’ve been hacked for about $160M in our defi operations. Cefi and OTC operations are not affected

— wishful cynic (@EvgenyGaevoy) September 20, 2022

In a Tuesday tweet storm, Gaevoy said that the market maker had lost the nine-figure sum through its DeFi operations. He added that the firm remained solvent and said its centralized and over-the-counter services were not affected. “We are solvent with over twice [the amount stolen] in equity left,” he wrote, assuring customers that their funds were safe. 

Gaevoy said that 90 different assets were stolen. Of those assets, two of the sums lost were worth between $1 million and $2.5 million. The takings from the remaining 88 were worth under $1 million each. 

Wintermute is one of crypto’s leading market makers. It adds liquidity to markets across both centralized and decentralized trading venues to improve efficiency. It also runs an over-the-counter service for high-net-worth individuals and institutional clients. 

Polygon’s chief information security officer Mudit Gupta posted a tweet storm and blog post about the hack early Tuesday, saying he suspected that it was “a hot wallet compromise.” Gupta pointed out that Wintermute recently disclosed a Profanity bug, which may have inspired some hackers to target the firm. 

On-chain researcher zachxbt shared the hacker’s wallet on Twitter, pointing to an Ethereum address that currently holds $163 million worth of digital assets, per Zapper data. Around 70% of the funds have been deposited to Curve Finance’s tricrypto pool, a popular move among hackers who don’t intend to return stolen funds (stablecoin issuers like Circle and Tether can’t freeze funds once they get added to decentralized exchange liquidity pools).

Rounding out the announcement of the hack, Gaevoy said that the firm would be happy to treat the incident as a white hat attack and invited the perpetrator to come forward. 

Interestingly, several crypto users got in touch with the attackers via on-chain messages after zachxbt shared the address. “look [sic] like you start approving the contract to dump now, please think about that and return,” one wrote. 

Disclosure: At the time of writing, the author of this piece owned ETH, CRV, and several other cryptocurrencies. 
