Well-known vulnerability in private keys likely exploited in $160M Wintermute hack

cointelegraph.com:

Blockchain cybersecurity company Certik has said a vulnerable private key was attacked in the Wintermute hack. A vulnerability in private keys generated by the Profanity app was likely exploited. The vulnerability has been known since at least January.

The U.K.-based algorithmic crypto market maker announced the hack on Tues and said over-the-counter and centralized finance operations were not affected. About $162.5 million worth of cryptocurrencies were taken. “We are solvent with twice over that amount in equity left,” Wintermute CEO Evgeny Gaevoy said in a tweet.

Certik said in a blog post that the hack was due to a leaked or brute-forced private key, and not a smart contract vulnerability:

The company added that a vulnerability in the popular Profanity vanity address generator was probably at fault in the hack.

Certik noted that decentralized exchange 1inch Network disclosed the apparent Profanity vulnerability in a Sept. 13 blogpost and subsequent warning on Twitter. 1inch users spotted the vulnerability after a suspicious airdrop took place in June. 1inch said on its blog:

The vulnerability was blamed for the hacking of $3.3 million on Sept. 13. GitHub users spotted the issue in January 2022, leading the developer to abandon the project and then archive it on Sept. 15.

RUN, YOU FOOLS ⚠️ Spoiler: Your money is NOT SAFU if your wallet address was generated with the Profanity tool. Transfer all of your assets to a different wallet ASAP!➡️ Read more: https://t.co/oczK6tlEqG#Ethereum #crypto #vulnerability #1inch

A private key is derived from a user’s seed phrase, which is a list of 12-24 words associated with a wallet that allows a user to recover the cryptocurrency in a wallet, even if the wallet is lost or deleted.

Relate