Blockchain cybersecurity firm Certik said that the Wintermute hack targeted a vulnerable private key. The attacker likely exploited a vulnerability, widely acknowledged since January, in private keys produced by the Profanity app.
On Tuesday, the U.K.-based algorithmic crypto market maker announced the breach and said that it has not impacted its centralized or over-the-counter financial operations. Cryptocurrencies valued at around $162.5 million were stolen.
Evgeny Gaevoy, CEO of Wintermute, tweeted: “We are solvent with twice over that amount in equity left.”
In a blog post, Certik claimed that the hack resulted from a leaked or brute-forced private key rather than a smart contract vulnerability. The company added that the attack was presumably caused by a vulnerability in the well-known Profanity vanity address generator.
According to Certik, the potential Profanity vulnerability was discovered by decentralized exchange 1inch Network and reported in a blog post on September 13, with a subsequent warning spreading on Twitter. 1inch users discovered the vulnerability after a dubious airdrop in June.
It was determined that the vulnerability was to blame for the $3.3 million breach on September 13. The developer abandoned the project and later archived it on September 15 after GitHub users found the issue in January 2022.
Certik stated that private key compromise has caused $273.9 million worth of losses to the company so far this year, making it “one of the largest attack vectors.” The June hack of Harmony Protocol, which lost $97 million, came in second to the Wintermute attack.