Was Wintermute’s $160M Attack an Inside Job?

Was Wintermute’s $160M Attack an Inside Job?

In yet another high-profile crypto heist to target the decentralized finance (DeFi) space, hackers stole $160 million worth of digital assets from trading firm Wintermute. A series of unauthorized transactions were made that siphoned off several coins, including USDC, wrapped ETH, and Tether.

CEO Evgeny Gaevoy has linked the hack to a critical bug in Profanity, an Ethereum vanity address-generating tool.

The latest conspiracy theory doing the rounds, though, is that the hack was an "inside job."

Why exactly does this seem like an inside job? Let’s find out.

The Inside Job Theory

Crypto sleuth James Edwards, who also goes by the name Librehash, claimed that the hack was likely carried out by someone who was aware of Wintermute’s smart contracts.

According to his analysis posted on Medium, Librehash stated that the “knowledge required to execute this hack reduces the possibility that the hacker was a random, external entity.”

In other words, the transactions initiated by the externally owned address had an admin functionality that likely pointed towards an internal member of the Wintermute team. Also, since Wintermute’s smart contract doesn’t have any uploaded or verified code, it not only raises questions about transparency but also makes it even more difficult for the public to verify the hacker theory.

Edwards also suggested foul play since Wintermute transferred the $13 million worth of Tether (USDT) on two different exchanges just two minutes after it was hacked.

On the other hand, crypto security firm BlockSec has refuted the theory, calling it “not convincing enough.” They posted Ether Scan transaction details that showed Wintermute removed admin privileges access right after becoming aware of the hacking attempt.

BlockSec argued that it may have happened via bots and not by a person from the inside.

A Close Call?

Most crypto traders probably would have never heard of Wintermute Trading before the attack, but that does not reduce the significance the company has within the crypto ecosystem.

It is among the top 5 platforms that provide liquidity to over 50 exchanges and trading platforms like Kraken, Coinbase, FTX, and UniSwap. As a market maker, it’s the backbone of several token listings, Dapps, and crypto exchanges.

Liquidity is essential for crypto, and the recent attack could have probably shaken up the industry. Gaevoy, however, has insisted that Wintermute remains solvent and has "twice over" the amount of equity that was stolen.


  1. https://twitter.com/EvgenyGaevoy/status/1572329148411936770
  2. https://medium.com/@librehash_13479/analysis-of-the-wintermute-hack-an-inside-job-736422c08ef1
  3. https://blocksecteam.medium.com/our-short-analysis-of-the-accusation-of-the-wintermute-project-dbde1ed11ef8

© 2020–2024 Redlion NFT Corp. | Crafted with love in-house.