U.K.-based algorithmic market maker service Wintermute becomes the latest victim of decentralised finance (DeFi) hacks when its protocol suffered a breach early on Tuesday, September 20, 2022, with hackers making off with around $160 million across 90 assets within the platform’s portfolio.
The news of the breach was announced by company CEO and founder, Evgeny Gaevoy, on Twitter. He stated that “We’ve been hacked for about $160M in our defi operations. Cefi and OTC operations are not affected.” While Gaevoy said that around $160 million was taken by hackers, he noted that “out of 90 assets that have been hacked only two have been notional over $1 million (and none more than $2.5 M),” and as a result a “major selloff” of assets should not occur. According to data from Etherscan, over 70 different tokens have been transferred to “Wintermute exploiter,” including $61, 350, 986 in USDC, 671 in Wrapped Bitcoin, and $29, 461, 533 in USDT.
CEO: Company Remains Solvent
The CEO assured the company’s users, lenders, and partners that the platform is “solvent with twice that amount of equity left.” Associated entities should expect full restoration of operation over the next few days. Gaevoy added:
If you have a MM agreement with Wintermute, your funds are safe. There will be a disruption in our services today and potentially for next few days and will get back to normal after.
According to the company’s CEO, the platform is still willing to treat the incident as white hat hacking, meaning it is willing to engage with the attacker. In this instance, the hacker would be required to return the funds, but would also be allowed to keep a percentage as a bounty. The hacker may also contact Wintermute to share the vulnerabilities they have discovered to avoid a repeat of hacks in the future. White hat hacking has become commonplace in the crypto market, even more so in the bear market. Exchange, market markets, and companies often reward hackers with bounties in the form of cash or job opportunities.
What happened to the Wintermute is the result of the outdated business model. Projects that delegate market making to third-party service providers must acknowledge that allocating a large amount of funds to a single market maker’s wallet will eventually cause issues like this. Unfortunately, there are dozens of market makers that manage the process in a “centralized” manner while operating on both CEX and DEX exchanges. We at GotBit consider that the future of market making lies in the designated market making services that don’t take control over the client’s funds.
Alex Andryunin, CEO at GotBit.io
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.