• Thu. Aug 17th, 2023

Wintermute Cyber Criminal Transferred Stolen Cryptocurrency to Curve in Order to Gain Interest

Jun 5, 2023
Marcel Bich

Wintermute’s attacker sought to earn interest on the taken bitcoin by depositing it in the Curve Finance liquidity pool.

The criminal invested $114 million to acquire revenue in the Curve Finance protocol’s liquidity pool after stealing roughly $160 million in crypto from DeFi exchange Wintermute. PeckShield experts remarked regarding this incident via Twitter.

The cracker is Curve’s biggest liquidity supplier as of this writing. The Wintermute attacker has amassed over a third of the Curve Finance liquidity, based on Etherscan data. Payments are made to liquidity suppliers from the framework’s expenses. However, it is unclear what amount the thief was able to make with the cryptocurrency they took.

The Problem With DeFi Protocol

Nobody can sway the attacker at the same moment. It is decentralized to use the Curve protocol. This implies that no restrictions from the centralized operator are necessary for anybody to submit currency to the project’s deposit address. Notably, the US Securities and Exchange Commission (SEC) already made the implication that users of the curve DAO (CRV) tokens are accountable for adhering to legal requirements because all venture activities are decided upon by vote among CRV stakeholders.

The SEC thinks the project should stop progressing if its members don’t adhere to legal obligations. In reply to such calls, Curve executives stated that they were unable to shut down the project because it is completely dependent on the Ethereum network.

The Losses in Numbers

Due to a hacking assault in September 2022, Wintermute wasted $160 million in stablecoins and tokens. According to Evgeny Gaevoy, the organization’s owner, a weakness in wallets made using the Profanity service was the cause of the significant cyberattack.

It is important that the DeFi aggregator of decentralized exchanges ParaSwap Same experienced a breach in October of the exact same year, perhaps because of profanity.

According to the creators of the decentralized exchanger 1inch, the insecure key generation process allowed the potential hacker to obtain the required private keys through brute force. The vulnerability resulted in the theft of around $3.3 million, based on a ZachXBT analyst.