WinterMute’s $160M Exploit Analysis | QuillAudits

4 min readSep 21, 2022

Summary:

On the 20th of September, 2022, Wintermute Protocol was hacked. This time exploit was not caused due by any smart-contract vulnerabilities instead it was caused due to compromised private keys which are suspected to compromise because of the recent Profanity Bug. Around $160 Million were successfully stolen by hackers.

Introduction to Wintermute Protocol:

Wintermute is one of the largest algorithmic trading firms in digital assets globally. Wintermute is an official market maker for many of the most prominent blockchain projects. They create liquid and efficient markets on centralized and decentralized trading platforms and off-exchange.

To know more about the protocol see here.

Vulnerability Analysis & Impact:

There are total 4 addresses involved in this attack:

Attacker EOA: 0xe74b28c2eae8679e3ccc3a94d5d0de83ccb84705 Attack Attacker’s Contract: 0x0248f752802b2cfb4373cc0c3bc3964429385c26
Compromised EOA: 0x0000000fe6a514a32abdcdfcc076c85243de899b Victim Wintermute’s Contract: 0x00000000ae347930bd1e7b0f35588b92280f9e75

Wintermute address is suspected to have used the Profanity tool to generate the address. The attack was due to a vulnerability in Profanity, which lead the hacker to gain the private key of Wintermute’s EOA. So, before going into WinterMute’s Exploit, let’s first understand the Profanity Bug.

The Profanity Bug

Profanity is an Ethereum vanity address generation tool that allows users to create a personalized address that contains a predefined string of numbers and letters (A through F). 1inch discovered a vulnerability in this software that would allow anyone to crack the keys of every 7-character vanity address.

It has been proved that by using 1,000 powerful graphics processing units (GPU), all 7-symbol vanity addresses could be brute forced within a period of 50 days.

To know more about this vulnerability, you can check the blog by 1inch here.

Attack Steps:

First, the attacker deploys the malicious contract. See here.

2. The attacker compromised WinterMute’s admin EOA (using the profanity bug). The vault only allows admins to do these transfers. Then the attacker transfers 2 Ether from his EOA to the Compromised EOA. See here.

3. Now, the attacker called the 0x178979ae function of the Victim Contract from the compromised EOA.

4. Calling the 0x178979ae function requires permission checks. As the attacker called it with compromised EOA, which is the admin’s address so it passed the permission check. Now, what this function does is that it transfers the tokens to Attacker’s malicious contract. This function ran around 109 times. (See here)

5. And after the tokens were transferred to the attacker’s malicious contract, it transferred tokens back to the attacker’s wallet in numerous transactions. See here.

After the Exploit :

Within a few hours of the attack, the CEO of Wintermute announced that they have been hacked and around $160M has been stolen. Hack affected only DeFi operations and no Centralized Finance or OTC operations were affected.

Status of Funds:

All the funds sit at the address of the attacker. We can see the breakdown of the assets here:

How they could have prevented the Exploit?

The attack was due to a bug in the profanity address generator. The attack could be prevented by using a hardware wallet or a multisig wallet which is considered more secure. Before the incident, They realized that they might be vulnerable, So they remove all ether from this admin address (see here). But forgot to remove this address as admin from the contract.