After the Cryptofirm Wintermute lost a massive $160 Million in the targeted DeFi hack, CEO Evgeny Gaevoy revealed a few more details about the hack and offered a 10% bounty to the hacker.
In a series of tweets, CEO Gaevoy revealed that the attack was related to wallets used for DeFi proprietary trading operations, which are completely different and independent from the firm’s CeFi and OTC operations. Earlier, he had emphasized about his CeFi and OTC verticals being safe.
He reiterated that the internal systems in both Cefi and Defi are ‘unaffected’, and so is any internal or counterparty data. Gaevoy revealed that the hack was likely linked to the Profanity-type exploit of the DeFi trading wallet.
Also Read: Crypto Firm Wintermute Suffers DeFi Hack worth $160 Million
Keeping up with his ‘white hat hack’ assertion that was made yesterday, Gaevoy said that the hacker will be offered a 10% bounty on funds taken. To make it even easier, Gaevoy proposed to transfer all of the funds taken through the exploit, save for $16M USDC, to: 0x4f3a120E72C76c22ae802D129F599BFDbc31cb81.
He confirmed the use of “Profanity and an internal tool to generate addresses with many zeroes in front”. He, however, pointed out the reason for using the tool as gas optimization, and not “vanity”.
Last time, it was in June, that the firm generated addresses in this manner. Since then the firm has moved to a more secure key generation script. After getting to know about the Profanity exploit last week, Wintermute accelerated the “old key” retirement.
The CEO added, “And then, due to an internal (human) error, a wrong function has been called and we blacklisted the router instead of the operator (contract that signs)”.
He highlighted the need to automate processes to a huge extent as multisig solutions are not applicable to the firm’s high speed trading. He said that the firm continuously invests into processes to minimize human impact.
He also wrote, “Back in 2019, as we started our defi journey, we always acknowledged the risks that came with operating without safeguards of 2fa protected key generation. Being purely on-chain brought it to a whole new level of complexity”.
However, Gaevoy hopefully concluded that the firm is going to move forward through the bear market without any lay-offs or strategy changes or any emergency fundraise and said that the firm would not give up on DeFi.
