Wintermute DeFi Platform Offers Hacker a Cut in $160M Crypto-Heist

Published : 23/11/2024   Category : security




The decentralized finance (DeFi) platform was the victim of an exploit of a partner's vulnerable code — highlighting a challenging cybersecurity environment in the sector.



London-based cryptocurrency-trading platform Wintermute saw cyberattackers take off with $160 million this week, likely due to a security vulnerability found in a partner's code. The incident showcases deep concerns around implementing security for this finance sector, researchers say.
Wintermute founder and CEO Evgeny Gaevoy took to Twitter to say that the heist was aimed at the company's decentralized finance (DeFi) arm, and that while the incident might disrupt some operations for a few days, the company is not existentially impacted.
“We are solvent with twice over that amount in equity left,” he tweeted. “If you have a [money-management] agreement with Wintermute, your funds are safe. There will be a disruption in our services today and potentially for next few days and will get back to normal after.”
He also said that about 90 assets were hit, and appealed to the culprit: “We are (still) open to treat this as a white hat [incident], so if you are the attacker — get in touch.”
Meanwhile, he explained to Forbes that the “white hat” comment means that Wintermute is offering a $16 million bug bounty if the cyberattacker returns the remaining $144 million.
He also told the outlet that the theft likely traces back to a bug in a service called Profanity, which allows users to assign a handle to their cryptocurrency accounts (normally account names are made up of long, gibberish strings of letters and numbers). The vulnerability, disclosed last week, allows attackers to uncover the keys that secure Ethereum wallets generated with Profanity and pry those wallets open.
Wintermute was using 10 Profanity-generated accounts to make rapid trades as part of its DeFi business, according to Forbes. DeFi networks connect various cryptocurrency blockchains to create a decentralized infrastructure for borrowing, trading, and other transactions. When news of the bug broke, the crypto-firm tried to take the accounts offline, but due to “human error,” one of the 10 accounts remained vulnerable and allowed the attackers into the system, Gaevoy said.
“Some of these [DeFi] technologies also involve third-party integrations and connections where the company may not have the ability to control the source code, leading to additional risk for the company,” Karl Steinkamp, director at Coalfire, tells Dark Reading. “In this instance, a vanity digital asset address provider, Profanity, was leveraged in the attack ... An expensive and preventable mistake for Wintermute.”
Analysts with Bishop Fox earlier this year found that DeFi platforms lost $1.8 billion to cyberattacks in 2021 alone. With a total of 65 events observed, 90% of the losses came from unsophisticated attacks, according to the report, which points to the difficulty in locking down the sector, which relies on automated transactions.
And, just last month, the FBI issued a warning that cybercriminals are increasingly exploiting vulnerabilities in DeFi platforms to steal cryptocurrency, to the tune of $1.3 billion nabbed between January and March 2022 alone.
Researchers note that enhanced adoption and price appreciation of digital assets has attracted, and will continue to attract, the attention of malicious individuals — as will the lax state of security in the DeFi area.
“Many of these companies are growing at such a rapid pace, customer acquisition is their primary focus,” Mike Puterbaugh, CMO at Pathlock, says. “If internal security and access controls are secondary to grow at all costs, there will be gaps in application security that will be exploited.”
The obstacles in shoring up DeFi security are numerous; Wintermute's chief noted that finding appropriate tools is difficult.
“You need to sign transactions on the fly, within seconds,” Gaevoy told Forbes, adding that Wintermute had to create its own security protocols since tools are lacking. He also admitted that Profanity didn't offer multifactor authentication, but the company decided to use the service anyway. “Ultimately, that's the risk we took. It was calculated,” he added.
Steinkamp notes, “Depending on the architecture of the DeFi platform, there may be a multiple of challenges in securing them. These may range from risk from third parties, to crypto-bridge bugs, human error, and the lack of secure software development, to name just a few.”
And Puterbaugh points out that even with out-of-the-box controls and configurations enabled, customizations and integrations could create weaknesses in overall security.
Despite the challenges, there are nonetheless best-practice approaches that DeFi platforms should be implementing.
For instance, Puterbaugh advocates implementing access controls with each new app deployment, along with continuous checks for access conflicts or application vulnerabilities, as key measures, especially when dealing with easily portable digital currency.
Also, companies within the DeFi space need to routinely do internal and external testing of their platforms to continually ensure they are mitigating threats proactively, according to Steinkamp. He adds that companies should also implement additional enhanced security measures as part of transactional security, including multifactor authentication and alert triggers on suspicious and/or malicious transactions.
“Every layer helps,” he adds. “Which would you rather try to gain access to: a house with the door open or a castle with a moat and drawbridge?” he says. “DeFi companies will continue to be prime targets by cyber-thieves until they implement adequate security and process controls to make attacking their platforms less attractive.”
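Two of the controls discussed above can be made concrete in a few dozen lines: an inventory check that lists every account generated with a deprecated key-generation tool that has not yet been retired (the "human error" that left one of the ten Profanity accounts live), and the alert triggers on suspicious transactions that Steinkamp recommends. The script below is an added example written for this article; it is not Wintermute's, Profanity's or Dark Reading's code. The inventory, the counterparty allowlist, the USD threshold and the transfer events are all constructed sample data, and the addresses are obviously fake zero-padded strings rather than real accounts.

```python
import json

# Key-generation tools whose output must be treated as compromised (assumption for the example).
DEPRECATED_GENERATORS = {"profanity"}

# Largest single transfer expected from a trading hot wallet, USD equivalent (assumed figure).
LARGE_OUTFLOW_USD = 1_000_000


def fake_addr(suffix: str) -> str:
    """Build an obviously constructed 40-hex-digit address for the sample data."""
    return "0x" + suffix.rjust(40, "0")


# Constructed inventory of the firm's own accounts: address -> how the key was generated
# and whether the account has been retired (funds and permissions moved to a fresh key).
WALLET_INVENTORY = {
    fake_addr("a01"): {"generator": "profanity", "retired": True},
    fake_addr("a02"): {"generator": "profanity", "retired": True},
    fake_addr("a03"): {"generator": "profanity", "retired": False},  # the one that was missed
    fake_addr("b01"): {"generator": "hardware-wallet", "retired": False},
}

# Constructed allowlist of counterparties (exchange deposit addresses, own cold storage).
KNOWN_COUNTERPARTIES = {fake_addr("c01"), fake_addr("c02")}


def vulnerable_accounts_still_live(inventory=WALLET_INVENTORY):
    """Inventory check, run independently of traffic: deprecated-generator keys not yet retired."""
    return sorted(addr for addr, meta in inventory.items()
                  if meta["generator"] in DEPRECATED_GENERATORS and not meta["retired"])


def evaluate(event, inventory=WALLET_INVENTORY, counterparties=KNOWN_COUNTERPARTIES,
             large_usd=LARGE_OUTFLOW_USD):
    """Return the alert names triggered by one outbound transfer event (empty list if none)."""
    alerts = []
    meta = inventory.get(event["from"])
    if meta is None:
        return alerts  # not one of our wallets; out of scope for this monitor
    if meta["generator"] in DEPRECATED_GENERATORS:
        # A retired key should never transact again; activity means someone else holds it.
        # A live deprecated key means retirement was never completed.
        alerts.append("RETIRED_KEY_ACTIVE" if meta["retired"] else "VULNERABLE_KEY_STILL_LIVE")
    if event["to"] not in counterparties:
        alerts.append("UNKNOWN_COUNTERPARTY")
    if event["usd"] >= large_usd:
        alerts.append("LARGE_OUTFLOW")
    return alerts


def scan(log_lines, **kwargs):
    """Parse newline-delimited JSON transfer events; return (ts, from, alerts) for flagged ones."""
    flagged = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        alerts = evaluate(event, **kwargs)
        if alerts:
            flagged.append((event["ts"], event["from"], alerts))
    return flagged


# Constructed sample events (not real chain data): one normal trade, two from the
# account that was never retired, and one from a supposedly retired key.
SAMPLE_LOG = "\n".join([
    json.dumps({"ts": "T+00", "from": fake_addr("b01"), "to": fake_addr("c01"), "usd": 250_000}),
    json.dumps({"ts": "T+01", "from": fake_addr("a03"), "to": fake_addr("c02"), "usd": 40_000}),
    json.dumps({"ts": "T+02", "from": fake_addr("a03"), "to": fake_addr("d99"), "usd": 5_000_000}),
    json.dumps({"ts": "T+03", "from": fake_addr("a01"), "to": fake_addr("d99"), "usd": 100}),
])

if __name__ == "__main__":
    print("Deprecated keys not yet retired:", vulnerable_accounts_still_live())
    for ts, src, alerts in scan(SAMPLE_LOG.splitlines()):
        print(ts, src, ", ".join(alerts))
```

The inventory check is the control that would have caught the tenth account before any trade was signed; the per-transaction rules are the "alert triggers" layer and fire on the same account again once it moves funds to an unlisted address. In a real deployment the inventory would be fed from the key-management system rather than a literal, and the alerts would pause signing rather than only print.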
