A blockchain analyst has alleged that the crypto market making firm, Wintermute’s $160 Million hack could be an insider job.
In a blog posted on Monday, the blockchain analyst James Edwards, who goes under the name Librehash on Medium, said the current theory states that an externally owned address (EOA) behind the “compromised” Wintermute wallet was itself jeopardized due to a vulnerability in a vanity address generator tool.
However, he argued that after analyzing the smart contract and its interactions he drew a conclusion that the knowledge needed to carry out the attack makes it impossible for a random or external hacker to do it.
To prove his point, James added that the smart contract at issue has “no uploaded, verified code,” which further complicates the hack for external parties. As a result, the whole episode raises the issue of ‘transparency’.
James wrote that after an Etherscan analysis, he found the harmed smart contract had received two deposits from Binance and Kraken’s hot wallets. As a result, he claimed that such a transaction must have been made from team-controlled exchange accounts.
After the compromised Wintermute smart contract received over 13M USDT (in Tether), in just a few seconds, the amount was sent from the wallet manually to a contract allegedly controlled by the hacker.
Edwards wrote in a tweet, “We know the team was aware the smart contract had been compromised at this point. So why initiate these two withdrawals directly to the compromised smart contract smack in the middle of the hack?”
As per Edwards, the Wintermute team should answer how the attacker had the necessary signature for contract execution and know which functions to call. This is because there’s indeed no contract source code published.
He hinted that only someone familiar with the close knowledge would be capable of doing so.
It is worth clarifying that Edwards isn’t a professional cybersecurity analyst, and his blog on this hack is his debut Medium post. However, he regularly analyzes possible money laundering on various crypto projects on his Twitter account.
CEO Evgeny Gaevoy had, however, claimed that the firm remains solvent, and urged the hacker to get in touch by offering a 10% bounty.