Wintermute, a major crypto trading firm, has announced that it suffered a cyberattack that resulted in a loss of over $162 million from its DeFi (decentralised finance) operations. Experts expect that the platform’s users will experience a temporary service disruption until the incident is contained.
The CEO of the crypto trading firm also stated that they are willing to consider the incident a white hat event, although they are unsure whether the hacker would want to participate.
Nonetheless, the firm assured that its centralised finance (CeFi) and over-the-counter operations were working as usual and were not affected by the breach. Investors are also offered an option to recall their loans as part of the incident mitigation.
The assets stolen from the trading giant were sent to the hacker’s crypto wallet and moved to the ‘3CRV’ Curve Finance liquidity pool.
According to researchers, the hacker moved the stolen digital assets to the 3CRV liquidity pool to make it harder for authorities to track and freeze them.
The statement from the company’s CEO did not share any details about the hacker’s method of attack. However, cryptocurrency experts have put forward a possible scenario for how the attack transpired.
In these theories, the experts believe that the hacker abused a security flaw in Profanity, a vanity address generator for Ethereum. The tool lets its users generate personalised addresses that contain predefined strings of numbers and letters, from A to F.
A security flaw discovered in Profanity forced its author to halt its operations a few years back: anyone could brute-force the private key of a 7-character vanity address within 50 days using a large collection of GPUs.
In connection with the recent breach at Wintermute, researchers said that attackers have already exploited the Profanity flaw to steal millions of digital assets, which might also be the case for the crypto trading firm.
Thus, all investors holding assets in addresses generated with the Profanity tool are advised to move them elsewhere as soon as possible. Furthermore, the claims involving the Profanity flaw are plausible, since the compromised Wintermute wallet was created with the flawed vanity address generator.
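Acting on that advice starts with finding which of your own addresses look like vanity addresses. The following Python script is an added example, not code from the article, from Wintermute or from Profanity: it flags addresses in a wallet inventory whose prefix or suffix repeats one hex digit many times. The 7-character default, the function names and the sample addresses are assumptions constructed for illustration; a match cannot show which tool generated the key, only that its origin should be checked.

```python
import re

# An Ethereum address is "0x" followed by 40 hex digits (20 bytes).
ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def leading_run(hex_body):
    """Length of the run of identical characters at the start of hex_body."""
    run = 1
    while run < len(hex_body) and hex_body[run] == hex_body[0]:
        run += 1
    return run

def vanity_indicators(address):
    """Return (leading_run, trailing_run) of repeated hex digits."""
    if not ADDRESS_RE.match(address):
        raise ValueError(f"not a 20-byte hex address: {address!r}")
    body = address[2:].lower()  # checksum casing is irrelevant here
    return leading_run(body), leading_run(body[::-1])

def flag_for_review(addresses, min_run=7):
    """Addresses whose prefix or suffix repeats one digit min_run+ times.

    min_run=7 is an assumption taken from the 7-character figure above.
    Word-style vanity strings are not detected by this heuristic.
    """
    flagged = []
    for addr in addresses:
        lead, trail = vanity_indicators(addr)
        if max(lead, trail) >= min_run:
            flagged.append((addr, lead, trail))
    return flagged

# Constructed sample inventory (not real wallets).
SAMPLE = [
    "0x0000000a1b2c3d4e5f607182930a4b5c6d7e8f90",  # 7 leading zeros
    "0x3f9a1c07de5b2284a6c1e90b7d4f5a6632c81e4d",  # no obvious pattern
    "0x7c2e4b19a05d63f8e1b47a90c3d25f6e88888888",  # 8 trailing eights
]

if __name__ == "__main__":
    for addr, lead, trail in flag_for_review(SAMPLE):
        print(f"{addr} leading={lead} trailing={trail} -> verify key origin")
```

Flagged addresses whose keys turn out to come from a vanity generator are the ones to rotate to freshly generated keys first.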