
Hacker Fleeces Crypto Market Maker Wintermute in $160 Million Heist of Digital Assets


Unknown hackers have plundered London-based crypto trader Wintermute of some $160 million in digital assets, its chief executive said in a series of Twitter posts.

The heist targeted Wintermute’s DeFi (decentralized finance) operations. DeFi refers to peer-to-peer financial services that take place on blockchains without the involvement of third parties. The five-year-old Wintermute, which trades some $5 billion daily across multiple crypto venues, is the latest victim in a series of thefts over the past few months. In August, Nomad had nearly $200 million lifted, followed by Curve.Finance being fleeced of nearly $600,000.

Wintermute Hack Detailed

Here are the particulars of the Wintermute hack, based on a tweet thread attributed to chief executive and founder Evgeny Gaevoy:

  • The firm's lending and over-the-counter (OTC) services have not been affected.
  • The company remains solvent, with "twice over" $160 million remaining in equity.
  • Wintermute is still treating the hack as a white hat event and asked the hacker to contact them.
  • Gaevoy said on Twitter that the company’s services were disrupted on Tuesday, September 20, and possibly would be for the next few days.
  • 90 assets have been hacked, but Wintermute does not expect a sell-off.

"If you are a lender to Wintermute, again, we are solvent, but if you feel safer to recall the loan, we can absolutely do that," Gaevoy said in a tweet.

DeFi a Common Cyberattack Target

DeFi hacks are viewed as the most common vulnerability, the security firm Certik said in its State of DeFi Security report released in January. More than $1.3 billion was lost in heists of DeFi projects in 2021, a 2,500% increase from the prior year, according to Certik.

Earlier this month, Chainalysis said that North Korea-linked cyber syndicates have stolen approximately $1 billion of cryptocurrency from DeFi protocols this year. But U.S. law enforcement recently seized $30 million back, marking the first time digital currency stolen by North Korean operatives has been recovered.

CoinDesk reported that Wintermute has over $200 million in outstanding DeFi debt to several counterparties, according to on-chain data, including a $92 million tether loan to TrueFi, a $75 million debt owed to Maple Finance and a $22 million debt to Clearpool.

CoinDesk said it tracked Wintermute's holdings using an address attributed to the market maker by the data site Nansen. It’s not uncommon for crypto market makers to hold debt incurred over the course of billions of dollars in trades daily, CoinDesk said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.