Wintermute Just Had $160 Million Worth of Crypto Stolen From Its DeFi Operations

The “market maker” founded in 2017 has just undergone a major attack. The boss, Evgeny Gaevoy, said the company nevertheless remained “solvent”.

The news just broke. The “market maker” Wintermute has just fallen victim to a large-scale hack. The boss, Evgeny Gaevoy, reported that $160 million worth of cryptocurrencies had been stolen from the company’s decentralized finance (DeFi) operations, while its CeFi (so-called “centralized finance”) and OTC (over-the-counter, editor’s note) operations were not affected.

Founded in 2017, Wintermute is responsible for “providing liquidity to the capital markets to ensure there is enough volume at a reasonable price for investors to buy and sell tokens,” the company said in its statement. Market makers “offer buy and sell offers and make money on the spread, just like a currency exchange kiosk.”

The company remains “solvent”

Despite this attack, the company remains “solvent with twice as much equity as this amount,” the latter said.

The company wanted to reassure its users by explaining that their money is “safe”. “There will be an interruption of our services today and possibly in the coming days,” its boss said.

Likewise, of the 90 assets hacked, only 2 are worth more than $1 million, implying that there should be “no major sale of any kind.”

According to hacking expert ZachXBT (known as a “detective” in the crypto ecosystem), the hacker’s wallet contains tokens circulating on Ethereum.

In response to the attack, Evgeny Gaevoy says he is ready to treat it as a “white hat” operation and that he wants to cooperate with the attacker (in other words, to act as if the hacker in question had acted to identify computer flaws on the company’s behalf).

692% increase

This attack is not the first in DeFi since the beginning of the year. In the first quarter of this year alone, $1.2 billion worth of cryptocurrency was stolen from decentralized finance, according to figures from the Immunefi platform, an increase of 692% compared to the first quarter of 2021. Among the biggest hacks in the history of DeFi are the “Ronin Network” hack, in which $624 million was stolen from Ronin, the Ethereum sidechain of Axie Infinity, and the Poly Network hack, in which $611 million was stolen from the platform.

DeFi has been gaining momentum for several months: in the first quarter, the total amount of money locked into DeFi protocols represented 10.6% of the entire cryptocurrency market. A real prize for hackers. Attackers target everything: smart contracts, user wallets, blockchain infrastructure. Once they discover the tiniest flaw in a system, they decide to attack it.

However, despite increasingly sophisticated attacks, KPMG has found that there are still not enough competent experts to deal with them. While automated tools (such as fuzzing) have been introduced to prevent certain attacks, human analysis remains essential.

“We made a simple observation: more and more crypto projects are being hacked. Crypto companies can wait months before they can have their smart contracts audited by audit firms specializing in crypto security,” Karolina Gorna, an engineer and cybersecurity and blockchain expert at KPMG, explains to BFM Crypto.

While the first accounting firm specializing in crypto security was founded in 2012 and the trend has been accelerating since 2017, according to a KPMG survey there are currently only 1,105 experts who can conduct audits to verify crypto projects. Most experts are concentrated in the United States (410) and India (170), while Europe (40) lags far behind in this area.

There are currently 18,000 monthly active developers working on so-called open source projects, such as the Bitcoin and Ethereum blockchains. In this context, KPMG believes that there are “too few specialists who can audit crypto projects. This explains the high number of hacks that have taken place at the moment. If we do not increase the number of experts, the hacks will increase.”
