Hacker Fleeces Crypto Market Maker Wintermute in $160 Million Digital Asset Theft

Unknown hackers looted London-based crypto trader Wintermute of some $160 million in digital assets, its chief executive said in a series of Twitter posts.

The heist targeted Wintermute’s DeFi, or decentralized operations. DeFi refers to peer-to-peer financial services that take place on blockchains without the involvement of third parties. Five-year-old Wintermute, who trades around $5 billion a day across multiple crypto sites, is the latest victim of a series of lifts over the past few months. In August, Nomad raised nearly $200 million, followed by Curve.Finance which was robbed of nearly $600,000.

Wintermute Hack Detailed

Here are the details of the Wintermute hack, based on a tweet thread attributed to CEO and Founder Evgeny Gaevoy:

  • The company’s lending and over-the-counter (OTC) services were unaffected.
  • The company remains solvent, with “twice as much” $160 million remaining in equity.
  • Wintermute is still treating the hack as a white hat event and has asked the hacker to contact them.
  • Gaevoy said on Twitter that the company’s services were down on Tuesday, September 20, and possibly for the next few days.
  • 90 assets have been hacked but Wintermute does not expect a sale.

“If you are a Wintermute lender, again we are creditworthy, but if you feel safer to recall the loan, we absolutely can,” Gaevoy said in a tweet.

DeFi a common cyberattack target

DeFi hacks are considered the most common vulnerability, security firm Certik, a security firm, said in its State of DeFi Security report released in January. More than $1.3 billion was lost in DeFi project burglaries in 2021, a ballooning 2,500% from the previous year, according to Certik.

Earlier this month, Chainalysis said cyber syndicates linked to North Korea had stolen around $1 billion worth of cryptocurrency from DeFi protocols this year. But US law enforcement recently seized $30 million, marking the first recovery of stolen digital currency by North Korean agents.

CoinDesk reported that Wintermute has over $200 million in outstanding DeFi debt to multiple counterparties, according to chain data, including a $92 million tether loan to TrueFi, $75 million in debt owed to Maple Finance and a $22 million debt to Clearpool.

CoinDesk said it tracked Wintermute holdings using an address assigned to the market maker by data site Nansen. It is not uncommon for crypto market makers to hold debt incurred in billions of dollars in daily transactions, CoinDesk said.

Virginia C. Taylor