Welcome back to another Crypto Casefiles. In this installment, we’ll cover the hack suffered by Wintermute and how Profanity and vanity led to a $160 million dollar exploit with more than 90 assets of different values stolen.
Target | Date | Amount Stolen | Type of Attack |
Wintermute | 20/09/2022 | $160 million | Private Key Compromised |
The Set Up
Wintermute is a crypto asset algorithmic trading firm for digital assets and cryptocurrencies. According to their website, they create liquid and efficient markets on over 50 centralized and decentralized trading platforms and off-exchange.
The firm suffered a slightly embarrassing mishap earlier in the year when it accidentally sent $15 million of Optimism tokens to the wrong address. Luckily for Wintermute, the tokens were eventually returned by the recipient.
The Profanity tool is a vanity wallet address generator. Vanity wallets are custom-made crypto addresses that contain a memorable string of characters for easy identification. For example, a person might create a vanity address that contains their initials. The Profanity tool allows for the creation of personalized vanity addresses. Profanity also lowers trading transaction costs for accounts using their addresses, which is the primary reason that the service was being used by Wintermute.
Less than a week before the hack occurred, 1inch published a medium article detailing an apparent attack avenue for users of the vanity-generating tool. The gist of the problem: someone with enough computing power can generate all the possible keys or passwords created for a Profanity vanity address. Then they can scan the associated accounts to see how much money they hold and steal the funds.
Profanity has already been an ongoing part of the news cycle that month, with this wallet taking advantage of a weakness in the wallet’s key generation process to access and drain $3.3M+ in tokens from various users’ wallets.
The Exploit
On September 20th, 2022, Evgeny Gaevoy, the founder and chief executive of Wintermute, disclosed in a series of tweets that the firm’s decentralized finance operations had been hacked.
Gaevoy did not provide details about how the hacker managed to steal the funds but some crypto-experts suggest as a plausible scenario that the attacker likely exploited a bug in Profanity
The Wintermute attack was likely enabled by a defect in Profanity’s algorithm. In a departure from the usual smart contract exploits, this defect allowed an attacker to directly target compromised private keys of Wintermute users.
For the most secure cryptographic practices, a cryptographic pseudorandom number generator (CPRNG) seeded with a random value is used to create random values, such as private keys. Profanity, however, seeded its CPRNG with a 32-bit number. Thus, an attacker with significant compute resources was able to brute-force their way through Profanity address’ possible seed values and recreate the private keys. In Wintermute’s case, both their DeFi vault contract, as well as their hot wallet are likely to be vanity addresses.
While around $160 million has been appropriated by the hacker, Gaevoy noted that “out of 90 assets that has been hacked only two have been for notional over $1 million (and none more than $2.5M),” and that as a result there shouldn’t be a “major selloff” of assets.
The Getaway
The hacker quickly put the stolen assets to use by first transferring $114M assets to the 3crv pool to earn rewards. They then headed to Uniswap and burnt 650,000 WINU tokens and found the time the mint a Radbro NFT. The funds remain in the attacker’s wallet and the 3crv pool to this day.
To speed up the damage control process, Wintermute had offered a 10% bounty on funds taken to the hacker. Gaevoy said the hacker should keep $16 million and refund the balance to a Wintermute address. The bounty remains unclaimed.
Some blockchain sleuths have claimed that the hack was an inside job but Wintermute has refuted the allegations which it described as coming from “an unsubstantiated rumor from a Medium page that has factual and technical inaccuracies associated with the claims made”.
Despite the new $160 million hole in its balance sheet, Gaevoy says Wintermute is on sound financial footing, with more than $350 million in equity. For a couple of hours after the hack, the company paused its OTC trading desk, where it facilitates large trades between other parties. But that has resumed its normal operation.
What can we learn from this?
Some tried and true security practices in crypto, such as using external hardware wallets or multi-sig applications that need to be digitally signed by multiple parties before a transaction is approved, can’t be used for the type of automated trading Wintermute does.
“You need to sign transactions on the fly, within seconds,” says Gaevoy. So they had to invent their own tech tools and security protocols. “Ultimately, that’s the risk we took. It was calculated.”
“It didn’t work out this year,” he admits.
In this particular case, convenience became more important than security which led to a multi-million dollar exploit that would have bankrupted most crypto firms.