Wintermute suffered a hack on September 20, 2022. Evgeny Gaevoy, the CEO and creator, revealed the loss of $160 million in a tweet about a cyberattack involving the company’s decentralized finance (DeFi) business.
The announcement comes only a few days after the liquidity provider assumed the role of TRX’s official market maker and joined the TRON ecosystem as a key partner.
CEO Evgeny Gaevoy said that the business’s loan or OTC services have not been affected and that the company is still viable, with “twice over” $160 million in equity left. However, in the latest updates, a cyber sleuth says that the hack was an inside job.
Wintermute hack is not likely an outside hack
The author known as Librehash said in a Sept. 26 study of the attack that the way Wintermute’s smart contracts were engaged with and eventually abused shows the hack was carried out by an internal party.
“The relevant transactions initiated by the EOA [externally owned address] make it clear that the hacker was likely an internal member of the team.”
The analysis piece’s author, also known as James Edwards, is not a well-known cybersecurity expert or researcher. The analysis is his first post on Medium, and neither Wintermute nor any other cybersecurity analysts have commented on it as of yet.
According to Edwards’ suggestion in the essay, the EOA “that made the call on the ‘compromised’ Wintermute smart contract was itself compromised by the team’s usage of a flawed internet vanity address generation tool.”
Edwards continued by claiming that the smart contract in question does not have any “uploaded, validated code,” making it harder for the general public to verify the current external hacker hypothesis and raising questions about transparency.
After manually reformatting the smart contract code, Edwards conducted a more thorough study and claimed that the code did not correspond to the events that have been credited with causing the attack.
He also challenges a specific transfer that took place during the attack, noting that it “shows the transfer of 13.48M USDT from the Wintermute smart contract address to the 0x0248 smart contract (allegedly established and managed by the Wintermute hacker).”
To fix a corrupted smart contract, Wintermute allegedly moved more than $13 million in Tether USD (USDT) from two distinct exchanges, according to the transaction history on Etherscan noted by Edwards.