Well-known vulnerability in private keys likely exploited in $160M Wintermute hack

Published at: Sept. 20, 2022

Blockchain cybersecurity company Certik has said a vulnerable private key was attacked in the Wintermute hack. A vulnerability in private keys generated by the Profanity app was likely exploited. The vulnerability has been known since at least January.

Wintermute, a UK-based algorithmic crypto market maker, announced the hack on Sept. 20 and said its over-the-counter and centralized finance operations were not affected. About $162.5 million worth of cryptocurrencies were taken. “We are solvent with twice over that amount in equity left,” Wintermute CEO Evgeny Gaevoy said in a tweet.

Certik said in a blog post that the hack was due to a leaked or brute-forced private key, and not a smart contract vulnerability:

“The exploiter used a privileged function with the private key leak to specify that the swap contract was the attacker controlled contract.”

The company added that a vulnerability in the popular Profanity vanity address generator was probably at fault in the hack.

Certik noted that decentralized exchange 1inch Network disclosed the apparent Profanity vulnerability in a Sept. 13 blog post and a subsequent warning on Twitter. 1inch users spotted the vulnerability after a suspicious airdrop took place in June. 1inch said on its blog:

“Profanity is one of the most popular tools due to its high efficiency. Sadly, that could only mean that most of the Profanity wallets were secretly hacked.”

The vulnerability was blamed for a $3.3 million hack on Sept. 13. GitHub users spotted the issue in January 2022, leading the developer to abandon the project and then archive it on Sept. 15.

RUN, YOU FOOLS ⚠️ Spoiler: Your money is NOT SAFU if your wallet address was generated with the Profanity tool. Transfer all of your assets to a different wallet ASAP! ➡️ Read more: https://t.co/oczK6tlEqG #Ethereum #crypto #vulnerability #1inch

— 1inch Network (@1inch) September 15, 2022

A private key is derived from a user’s seed phrase, which is a list of 12-24 words associated with a wallet that allows a user to recover the cryptocurrency in a wallet, even if the wallet is lost or deleted.

According to Certik, around $273.9 million has been lost this year due to compromised private keys, making the method “one of the largest attack vectors.” The Wintermute attack is by far the largest, with the Harmony Protocol hack in June coming in second at $97 million.
