A new crypto conspiracy theory is brewing — this time related to last week’s $160 million hack of algorithmic market maker Wintermute — which a crypto detective claims is an “inside job.”
Cointelegraph reported on September 20 that a hacker had exploited a bug in a Wintermute smart contract, allowing them to swipe over 70 different tokens, including $61.4 million in USD Coin (USDC), $29.5 million in Tether (USDT) and 671 Wrapped Bitcoin (wBTC), worth about $13 million at the time.
In an analysis of the hack published via Medium on September 26, the author, named Librehash, argues that the way Wintermute’s smart contracts were interacted with and ultimately exploited suggests that the hack was carried out by an insider, claiming:
“Related transactions initiated by the EOA [externally owned address] make it clear that the hackers are likely to be internal members of the Wintermute team.”
The author of the analysis article, also known as James Edwards, is not a well-known cybersecurity researcher or analyst. The analysis is his first post on Medium, but so far has not received any response from Wintermute or other cybersecurity analysts.
In the post, Edwards stated that the current theory is that the EOA that “invoked the ‘compromised’ Wintermute smart contract was itself compromised by the team’s use of a flawed online vanity address generator tool.”
“The idea is that by recovering the EOA’s private key, the attacker is able to invoke the Wintermute smart contract, which allegedly has administrator access,” he said.
Edwards went on to assert that no verified code has been uploaded for the Wintermute smart contract in question, making it difficult for the public to confirm the current outside-hacker theory, while also raising transparency concerns.
“This in itself is a matter of transparency on behalf of the project. One would expect that any smart contracts responsible for managing user/client funds that have been deployed on the blockchain will be publicly verified to give the public a chance to inspect and audit the unflattened Solidity code,” he wrote.
Edwards then conducted a more in-depth analysis by manually decompiling the smart contract code himself, claiming that the code did not match what led to the hack.
Another point he questioned was a specific transfer that took place during the hack, “showing a transfer of $13.48 million from the Wintermute smart contract address to the 0x0248 smart contract (said to be created and controlled by the Wintermute hackers).”
Edwards highlighted Etherscan transaction history, which purportedly shows that Wintermute moved over $13 million worth of Tether (USDT) from two different exchanges to address the compromised smart contract.
“Why did the team wire $13 million worth of funds into a smart contract they *know* was broken? From two different exchanges?” he asked via Twitter.
However, his theory has yet to be corroborated by other blockchain security experts, although after last week’s hack, there were some rumblings in the community that an inside job could be a possibility.
The fact that @wintermute_t was using a profanity wallet generator and keeping millions in that hot wallet is either an oversight or an inside job. To make matters worse, the exploit for the profanity tool was disclosed a few days ago.
— Rotex Hawk (@Rotexhawk) September 21, 2022
Providing an update on the hack, Wintermute noted via Twitter on Sept. 21 that while it is “very unfortunate and painful,” its other businesses have not been affected, and it will continue to serve its partners.
“This hack was not related to our DeFi smart contracts and did not affect any of Wintermute’s internal systems. No third party or Wintermute data was compromised.”
The hack was not related to our DeFi smart contracts and did not affect any of Wintermute’s internal systems. No third party or Wintermute data was compromised.
— Wintermute (@wintermute_t) September 21, 2022
Cointelegraph has reached out to Wintermute for comment, but had not received an immediate response at the time of publication.