Cryptocurrency market maker Wintermute was breached in the early hours of September 20 when attackers stole $162.5 million from the company’s decentralized finance (DeFi) business, as cryptocurrency firms appear to have become more frequent victims of cybercriminals in recent months.
According to both a tweet from CEO and founder Evgeny Gaevoy and various industry reports, the popular London-based crypto platform’s private key was compromised in what appears to be a brutal attack that hampered DeFi operations but reportedly did not affect Wintermute’s over-the-counter trading. (DeFi activities are those that take place on the blockchain without using a third party.)
In a separate tweet, Gaevoy also claimed that Wintermute was “solvent with twice the equity left over.” Recently appointed as the official DeFi market maker for the Tron network, five-year-old Wintermute trades billions of dollars a day in the crypto markets, providing liquidity across multiple trading venues.
“If you have a [market maker] agreement with Wintermute, your funds are safe,” Gaevoy wrote on Twitter. “There will be some disruption to our services today and possibly over the next few days and will return to normal thereafter.”
On its own, this latest attack would be remarkable; but viewed in the broader context of other recent crypto compromises, it seems to point to a troubling and deteriorating cybersecurity trend here.
The Wintermute hack is the fifth biggest this year and the 12th biggest ever, according to Comparitech’s cryptocurrency heist tracker, said Rebecca Moody, head of data research at Comparitech. Total losses from cryptocurrency heists since early 2022 have reached nearly $2.3 billion, roughly 30% of all crypto breach losses overall (over multiple years) and close to the $2.7 billion total loss amount in 2021, based on Comparitech’s research.
“2022 also looks set to be a record year for the number of attacks, with 126 attacks recorded so far,” Moody said, “just six fewer than last year’s total of 132.”
Examples of other recent cryptocurrency breaches include crypto bridge Nomad, which had nearly $200 million siphoned from it in August, and DeFi protocol Curve Finance, which had $570,000 stolen last month, Moody pointed out.
The Wintermute hack shows how vulnerable DeFi platforms are, said Jeff Williams, co-founder and CTO of Contrast Security, adding that software vulnerabilities continue to plague financial institutions at a high rate.
“This poses a serious challenge for growing DeFi companies to secure their software,” Williams said.
Hugh Brooks, director of security operations at CertiK, a blockchain security tracker, estimates that cryptocurrency firms have lost at least $273 million to private key compromises so far this year, Wintermute’s loss likely among them, “making this one of the largest attack vectors this year.”
“The exploiter used a privileged function with the private key leak to indicate that the swap contract was the contract controlled by the attacker,” Brooks explained. “By using the stolen private key, the hacker was able to divert funds.”
Why have cryptocurrency market makers, bridges, platforms and other related crypto businesses become such significant targets for bad actors? Rick Vanover, senior director for product strategy at Veeam, a major data protection, backup and recovery platform, said there are “a few aspects” to this escalating spate of attacks.
“One [reason] is just pride and credibility,” said Vanover. “If an individual hacked Company X and harmed Y, that could be huge for storytelling in confident circles. But if you look at why these things are happening, then it comes down to a payoff.”
“Large incidents are always a thoughtful affair, targeted, and often with multiple breakdowns into best practices or intended configurations,” added Vanover. “Why so much? The risks are high, and so much is at stake. The more digitally transformed a company is, the greater the potential payoff.”
Private key compromises and hacks can result in devastating losses. Here are some notable examples of private key compromise, including the attack on Wintermute:
- Wintermute: $162 million
- Harmony Protocol: $97 million
- Hang exploit: $8 million
- ZbExchange: $4.8 million
- Gera Coin: $1.4 million
- Marvin Inu: $350,000
- Bill Murray’s personal wallet: $177,000
- Citizen Funding: $94,000
- Pirate X Pirate: $81,000
- Impermax Funding: $47,000
Source: Blockchain Intelligence Group Investigation Team