Hackless view on Wintermute’s $160M hack: “Risk wasn’t taken seriously”


One of the leading crypto market makers, Wintermute, has recently lost about $160 million in its second hack in the past 3 months. This time its hot wallet was compromised through Profanity — a simple vanity address generator for Ethereum.

Our partner Hackless.io has a word to say about this incident, and some security advice to give this and other DeFi projects for the future.

According to Hackless, the vulnerability in private keys generated by Profanity had been known since at least January. Both Wintermute’s hot wallet and its DeFi vault contract appear to use Profanity-generated vanity addresses.

The hot wallet’s private key was likely recovered by the attacker and used to drain the vault, which led to the loss of $160 million and an upcoming challenge for Wintermute to repay its debts.

Hackless.io notes that the weak security of Profanity-generated addresses had been known to the community for some time already.

Yet it looks like it wasn’t taken seriously. The rising number of exploits and hacks speaks for itself

— the Hackless experts say.

At least 3 projects were brutally exploited within 2 weeks:

@wintermute_t — $160M stolen via a compromised hot wallet key created by a vanity address generator;

@GMX_IO — $565K price manipulation ‘exploit’ on the AVAX/USD market;

@KyberNetwork — $265K of users’ funds drained via a frontend exploit.

The nature of the exploit is different in each case, but there can be a common security approach: seamless activity monitoring and analysis.

The conclusion is that DeFi needs powerful security tools right away.

We just wish we already had our Hackless services developed so we could empower DeFi teams with tools for detecting hackers before they do harm

— the experts reiterate.