Crypto: Is the attack on Wintermute coming from within?

In this year 2022, attacks on crypto platforms have been legion. Last week, Wintermute, the leading crypto market maker, had the bitter experience of this. He revealed that he was the victim of a hack that cost him $160 million. Its managers, however, reassured customers that their assets would not be affected. They also dismissed the risk of a collapse of their activities.

Wintermute’s attack was almost perfect

Last week’s attack on crypto platform Wintermute originated from the inside. This is what James Edwards, a blockchain analyst, wrote on Medium on September 26. This analysis comes as the company has still not managed to find the origin of the attack, which cost it a whopping $160 million. James Edwards bases his accusations on what he believes to be questionable transactions and smart contract code that does not match the analysis of data provided by the company.

For him, the way the Wintermute smart contracts were used and exploited suggests that the hack was conducted internally and not by an external address (EOA).

“My theory is that the EOA that made the call on the compromised Wintermute smart contract was itself compromised via the team’s use of a faulty online address generation tool (…) L The idea is that by retrieving the private key from this EOA, the hacker was able to make calls to the Wintermute smart contract, which was supposed to have admin access”did he declare.

However, there is no uploaded and verified code for the Wintermute smart contract. For the public and the crypto community, this makes it difficult to confirm the current external hacker theory, the analyst continues. The latter indicates that this mainly poses problems of transparency within the Wintermute team.

There is another point on which Edwards bases his view on this yet another attack in the crypto universe. Indeed, following the attack, a specific transfer took place. This is a transfer of 13.48 million USDT from the Wintermute smart contract address to the 0x0248 smart contract. The recipient contract may have been created and controlled by the attacker.

Edwards’ theory has yet to be corroborated by any blockchain security expert, or member of the crypto community. However, the specialized press reports that many blockchain technicians are whispering the possibility of a “internal work”.

Receive a digest of news in the world of cryptocurrencies by subscribing to our new service of newsletter daily and weekly so you don’t miss any of the essential Tremplin.io!

Similar Posts