Amber Group uses simple hardware to show just how fast, easy the Wintermute hack was

Published at: Sept. 30, 2022

Amber Group has reproduced the recent Wintermute hack, the Hong Kong-based crypto finance service provider announced on its blog. The process was fast and simple, and used hardware easily accessible to consumers. Wintermute lost over $160 million in a private key hack on Sept. 20.

Reproducing the hack can help “build a better understanding of the attack surface spectrum across Web3,” Amber Group said. It was only hours after the hack of UK-based crypto market maker Wintermute was revealed that researchers were able to pin the blame for it on the Profanity vanity address generator.

One analyst suggested that the hack had been an inside job, but that conclusion was rejected by Wintermuteand others. The Profanity vulnerability was already known before the Wintermute hack.

classy

— wishful cynic (@EvgenyGaevoy) September 27, 2022

Amber Group was able to reproduce the hack in less than 48 hours after preliminary setup that took less than 11 hours. Amber Group used a Macbook M1 with 16GB RAM in its research. That was far speedier, and used more modest equipment, than how a previous analyst had estimated the hack would play out, Amber Group noted.

Related: The impact of the Wintermute hack could have been worse than 3AC, Voyager and Celsius — Here is why

Amber Group detailed the process it used in the re-hack, from obtaining the public key to reconstructing the private one, and it described the vulnerability in the way Profanity generates random numbers for the keys it produces. The group notes that its description “does not purport to be complete.” It added, repeating a message that has often been spread before:

“As well documented by this point — your funds are not safe if your address was generated by Profanity […] Always manage your private keys with caution. Don’t trust, verify.”

The Amber Group blog has been technically oriented from its inception, and has addressed security issues before. The group achieved a $3-billion valuation in February after a Series B+ funding round.

Tags
Related Posts
Velodrome recovers $350K stolen funds from team member Gabagool
Velodrome Finance, a trading and liquidity marketplace, announced the recovery of $350,000 stolen on Aug. 4. However, the occasion turned bittersweet when internal investigations pointed out the involvement of a prominent team member, who goes by the pseudo name Gabagool. On Aug. 4, one of Velodrome’s high-worth wallets — dedicated for operating funds such as salaries — was drained off $350,000 before it could be transferred to the company’s treasury multisig wallet. A subsequent internal investigation revealed the attacker’s identification, which allowed the company to recover the entire loot. Velodrome’s official statement revealed: “Much to our disappointment, we learned the …
Blockchain / Aug. 14, 2022
Finance Redefined: Alchemy raises $200M, Bunny goes DAO, Feb. 4–11
Welcome to the latest edition of Cointelegraph’s decentralized finance newsletter. As the DeFi space continues its technical resurgence, essential news on funding, innovation and DAOs continues to drive adoption in what remains a nascent industry. For the full version of this newsletter including longer, more descriptive analysis of the top stories this week, subscribe below: Alchemy raises $200M in latest funding, ACH token soars 77% Web3 platform Alchemy announced the launch of a $200-million Series C funding round this week, giving the company a decacorn status and a valuation of $10.2 billion. The seven-investor round was led by two California-based …
Decentralization / Feb. 12, 2022
Ankr says ex-employee caused $5M exploit, vows to improve security
A $5 million hack of Ankr protocol on Dec. 1 was caused by a former team member, according to a Dec. 20 announcement from the Ankr team. The ex-employee conducted a “supply chain attack” by putting malicious code into a package of future updates to the team’s internal software. Once this software was updated, the malicious code created a security vulnerability that allowed the attacker to steal the team’s deployer key from the company’s server. After Action Report: Our Findings From the aBNBc Token Exploit We just released a new blog post that goes in-depth about this: https://t.co/fyagjhODNG A pic.twitter.com/d6psUbpxNY …
Defi / Dec. 21, 2022
Raydium announces details of hack, proposes compensation for victims
The team behind the Raydium decentralized exchange (DEX) has announced details as to how the hack of Dec. 16 occurred and offered a proposal to compensate victims. According to an official forum post from the team, the hacker was able to make off with over $2 million in crypto loot by exploiting a vulnerability in the DEX’s smart contracts that allowed entire liquidity pools to be withdrawn by admins, despite existing protections being to prevent such behavior. The team will use its own unlocked tokens to compensate victims who lost Raydium tokens, also known as RAY. However, the developer does …
Defi / Dec. 21, 2022
Crypto exploit losses in January see nearly 93% year-on-year decline
Aside from the bullish crypto market rally in January, there’s been more positive industry news as the month saw a decline in losses from exploits compared to the same time last year. According to data from blockchain security firm PeckShield on Jan. 31, there were $8.8 million in losses from crypto exploits in January. There were 24 exploits over the month, with $2.6 million worth of crypto being sent to mixers such as Tornado Cash. The breakdown of assets sent to mixers includes 1,200 Ether (ETH) and around 2,668 BNB (BNB). The January figures are 92.7% lower than the $121.4 …
Defi / Feb. 1, 2023