
Wintermute

Redditor’s hacked Bitcoin is a lesson on the hidden dangers of paper wallets

"My Bitcoin was taken. How?" A Reddit user thought they were following best practices until two days ago when their Bitcoin wallet was completely cleaned out.

A Reddit user has become the latest example of why crypto users should be more careful when using wallet generators — after the user lost a few thousand dollars worth of Bitcoin (BTC) from their "secure" paper wallet.

On July 24, a Redditor by the name /jdmcnair posted on the r/Bitcoin subreddit, asking for an explanation on how a hacker could have been able to steal over $3,000 worth of Bitcoin from their supposedly secure paper wallet — which was even generated on an offline computer.

The Redditor's Bitcoin wallet address shows an outgoing transaction of 0.12 BTC. Source: Blockchain.com

“I was doing self-custody, generated my key and printed it on paper on an offline computer, transferred my BTC to this offline wallet, and kept it stored in a safe that only I have the key for,” the user wrote.

“I thought I was keeping it in one of the more secure ways possible.”

In an update to the initial post, the Redditor revealed that they had used the wallet creation tool walletgenerator.net to create their wallet's private keys; several commenters pointed out that the site has been known for vulnerabilities in the past.

Speaking to Cointelegraph, blockchain security firm CertiK's director of security operations Hugh Brooks said users should think twice before using a crypto wallet generator.

Such online wallet generators have served as a viable hacking tool for a while now, Brooks said:

“Some of these wallet generators could be straight-up scams. The website that the post claims returns an IP address in Russia. When looking at a tool such as Criminal IP we can see that the address has several abuse reports filed against it.”

Paper wallet generators have been known to contain serious vulnerabilities since 2019, Brooks said, adding that if anyone has generated wallets using walletgenerator.net then it's likely "the same keys have been given to different users."

The Profanity wallet generator exploit was a textbook example of this security vulnerability which led to the $160 million hack on algorithmic market maker Wintermute in September.

The solution is simple, according to Brooks. Users wanting safe crypto storage should use a “trusted hardware wallet provider such as Ledger and Trezor.”

Related: Almost $1M in crypto stolen from vanity address exploit

The Redditor was baffled as to why the exploiter waited over 12 months to exploit the funds, prompting another to offer a possible explanation.

“[The hackers] wait for enough noobs to think they generated secure private keys, wait for them to deposit significant amounts, and then, one day, swipe all the funds, so there is no time to react to reports of the site being compromised.”

With a sudden increase in long-dormant Bitcoin wallets waking up — many with funds in the millions — some pundits think it’s due to wallet generators being hacked.

Hackers managed to snatch over $300 million in Q2 2023, according to CertiK, a 58% decline from the same period last year.

Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story

BTC, ETH, and SOL might overperform meme coins as the market recovers, says Nansen analyst

Celsius creditors allege Wintermute facilitated ‘wash trading’: Report

Celsius executives allegedly involved Wintermute to facilitate "wash trading" in an effort to "fraudulently" manipulate trading volumes on the Celsius platform.

Creditors of the bankrupt cryptocurrency lending platform Celsius have alleged that crypto market maker Wintermute assisted Celsius executives in manipulating the price of CEL (CEL) through the use of "wash trading."

According to a June 23 Bloomberg report, which cited a recent court filing, Celsius creditors have recently amended their lawsuit in the United States District Court of New Jersey to allege that Wintermute was engaged by Celsius executives to conduct improper market trading.

June 19 court filing in the United States District Court of New Jersey. Source: assets.bwbx.io

Wintermute, described as a “purported market maker in the crypto industry,” allegedly aided Celsius Network's CEO, Alex Mashinsky, and other executives to “unlawfully manipulate and profit from the illegal wash trading of unregistered CEL Tokens."

The creditors alleged that both the Celsius executives and Wintermute acted with "scienter in connection with the manipulative acts alleged."

“Defendant Wintermute and the Executive Defendants engaged in a scheme that artificially inflated the trading volume of the CEL tokens sold and marketed by Celsius.”

According to the filing, the alleged scheme was uncovered through “publicly available internal conversations” between Celsius executives.

It was further claimed that Celsius executives engaged Wintermute to be involved in these “improper market making” activities from around March 2021 up “until the Celsius froze withdrawals in June 2022.”

June 19 court filing in the United States District Court of New Jersey. Source: assets.bwbx.io

It was reported that Celsius had no measures in place to prevent improper market making.

"The supposed controls were virtually non-existent, and those that did exist did not monitor for or protect against 'wash trading' or self-dealing," the filing stated.

This comes after it was recently reported that the assets of Celsius Network had been acquired through an auction.

Related: Wintermute moves over $4M of Optimism tokens to Binance ahead of OP unlock

On May 25, it was reported that the crypto consortium Fahrenheit was the successful bidder to acquire the assets of Celsius, previously valued at $2 billion.

The consortium obtained Celsius Network's institutional loan portfolio, staked cryptocurrencies, mining unit and other alternative investments, almost a year after Celsius initially filed for Chapter 11 bankruptcy in July 2022.

Cointelegraph reached out to Wintermute for comment but did not receive a response by the time of publication.

Magazine: Tornado Cash 2.0: The race to build safe and legal coin mixers


MicroStrategy, Tether join firms distancing themselves from Silvergate as stock dives 57%

MicroStrategy confirmed that none of its 130,000 BTC is custodied by Silvergate. However, the firm does have a loan to pay off to the bank by Q1 2025.

Business intelligence firm MicroStrategy and stablecoin issuer Tether have become the latest two firms to publicly deny any meaningful exposure to Silvergate Bank.

The news comes after Silvergate announced on March 1 that it would postpone the filing of its annual 10-K financial report, which has many fearing the cryptocurrency bank may be on the brink of a bankruptcy filing.

This led MicroStrategy — which holds over 130,000 Bitcoin (BTC) — to confirm that its BTC collateral is not custodied with Silvergate.

The Michael Saylor-founded firm added that it will not need to pay back a loan from Silvergate until Q1 2025 and that a bankruptcy or insolvency event wouldn’t “accelerate” the loan repayment.

Paolo Ardoino, the chief technology officer of Tether, confirmed in a March 2 tweet that Tether is not exposed to Silvergate either.

A collapse of the cryptocurrency bank could prove costly for the rest of the industry.

Silvergate is a fintech firm that provides financial infrastructure solutions and services to some of the largest cryptocurrency exchanges, institutional investors and mining companies in the world.

It offers a 24/7 payments platform, named Silvergate Exchange Network, which has reportedly processed over $1 trillion in transactions since 2017.

The firm also provides a stablecoin infrastructure platform, digital asset custody management and collateralized lending services to several institutional players in the cryptocurrency industry.

A diagram of Silvergate’s clientele and crypto offerings. Source: Silvergate Bank

Despite the large network effects, the late 10-K filing appears to have had a consequential effect on its partnerships.

Within 24 hours of the late 10-K filing, Coinbase, Circle, Bitstamp, Galaxy Digital and Paxos confirmed that they will scale back their partnerships with the cryptocurrency bank in some capacity.

Gemini also announced that it has stopped accepting customer deposits and processing withdrawals through Silvergate ACH and wire transfers.

Others who have seemingly cut or reduced ties include Crypto.com, Blockchain.com, Wintermute, GSR and Cboe Digital, according to reports.

Concerns of Silvergate’s potential financial troubles first surfaced in Q4 2022, when it reported a net loss of $1 billion as a result of the shock collapse of FTX in November.

Related: Coinbase no longer accepts payments via Silvergate Bank

The exact dealings between Silvergate and FTX have been subject to a probe by the United States Department of Justice recently, although there’s been no accusation of wrongdoing at this point.

Plaintiffs in a newly proposed class-action lawsuit against FTX on Feb. 14 accused Silvergate of “aiding and abetting” a “multibillion-dollar fraudulent scheme” that was orchestrated by former FTX CEO Sam Bankman-Fried.

Despite many firms recently claiming not to have exposure to Silvergate, the bank still processed over $3.8 billion in customer deposits in Q4 2022. This was a steep fall from $11.9 billion in Q3 2022, according to Silvergate.

Silvergate’s change in share price index on the New York Stock Exchange. Source: MarketWatch.

Since the news of the late 10-K filing on March 1, Silvergate’s stock price has fallen a massive 58.7% to $5.57. The stock is now down over 97% since its all-time high of $219.7, hit on Nov. 14, 2021.


Maple Finance Lending Pool Delegate ‘Identified a Number of Key Weaknesses’ Tied to FTX’s Alameda Research

According to a report from Orthogonal Credit, a delegate of Maple Finance's lending pools, the firm decided "earlier this year" not to lend to Alameda Research, FTX's quantitative trading firm. Orthogonal said that through "due diligence" it "identified a number of key weaknesses" associated with Alameda. Orthogonal Credit Found 'Key Weaknesses' Tied to FTX's Alameda Research […]


Wintermute inside job theory 'not convincing enough': BlockSec

The theory is “not convincing enough to accuse the Wintermute project,” wrote BlockSec, as it highlighted that Wintermute’s actions during the hack made sense given the circumstances.

Blockchain security firm BlockSec has debunked a conspiracy theory alleging the $160 million Wintermute hack was an inside job, noting that the evidence used for allegations is “not convincing enough."

Earlier this week cyber sleuth James Edwards published a report alleging that the Wintermute smart contract exploit was likely conducted by someone with inside knowledge of the firm, questioning activity relating to the compromised smart contract and two stablecoin transactions in particular.

BlockSec has since gone over the claims in a Wednesday post on Medium, suggesting that the “accusation of the Wintermute project is not as solid as the author claimed,” adding in a Tweet:

"Our analysis shows that the report is not convincing enough to accuse the Wintermute project."

In Edwards' original post, he essentially drew attention to how the hacker was able to cause so much damage through the exploited Wintermute smart contract that "supposedly had admin access," despite his analysis showing no evidence that the calling account held admin capabilities.

BlockSec, however, promptly rebutted the claims, outlining that "the report just looked up the current state of the account in the mapping variable _setCommonAdmin, however, it is not reasonable because the project may take actions to revoke the admin privilege after knowing the attack."

It pointed to Etherscan transaction details which showed that Wintermute had removed admin privileges once it became aware of the hack.

BlockSec report. Source: Medium

Edwards also questioned why Wintermute had $13 million worth of Tether (USDT) transferred from two of its accounts on two different exchanges to its smart contract just two minutes after it was compromised, suggesting it was foul play.

Related: Tribe DAO votes in favor of repaying victims of $80M Rari hack

Addressing this, BlockSec argued that the timing is not as suspicious as it appears: the hacker could have been monitoring Wintermute's transfer transactions, possibly via bots, and moved in as soon as the funds arrived.

“However, it is not as plausible as it claimed. The attacker could monitor the activity of the transferring transactions to achieve the goal. It is not quite weird from a technical point of view. For example, there exist some on-chain MEV-bots which continuously monitor the transactions to make profits.”

As previously stated in Cointelegraph's first article on the matter, Wintermute has strongly refuted Edwards' claims and has asserted that his methodology is full of inaccuracies.


Cyber sleuth alleges $160M Wintermute hack was an inside job

James Edwards bases his accusations on what he feels are dubious transactions and smart contract code that doesn’t match the post-mortem analysis.

A fresh new crypto conspiracy theory is afoot — this time in relation to last week's $160 million hack on algorithmic market maker Wintermute — which one crypto sleuth alleges was an "inside job."

Cointelegraph reported on Sept. 20 that a hacker had exploited a bug in a Wintermute smart contract which enabled them to swipe over 70 different tokens including $61.4 million in USD Coin (USDC), $29.5 million in Tether (USDT) and 671 Wrapped Bitcoin (wBTC), worth roughly $13 million at the time.

In an analysis of the hack posted via Medium on Sept. 26, the author known as Librehash argued that the way in which Wintermute's smart contracts were interacted with and ultimately exploited suggests the hack was conducted by an internal party, claiming:

“The relevant transactions initiated by the EOA [externally owned address] make it clear that the hacker was likely an internal member of the Wintermute team.”

The author of the analysis piece, also known as James Edwards, is not a known cybersecurity researcher or analyst. The analysis marks his first post on Medium and so far hasn't garnered any response from Wintermute or other cybersecurity analysts.

In the post, Edwards suggests that the current theory is that the EOA “that made the call on the 'compromised' Wintermute smart contract was itself compromised via the team’s use of a faulty online vanity address generator tool.”

“The idea is that by recovering the private key for that EOA, the attacker was able to make calls on the Wintermute smart contract, which supposedly had admin access,” he said.

Edwards went on to assert that there’s no “uploaded, verified code for the Wintermute smart contract in question,” making it difficult for the public to confirm the current external hacker theory, while also raising transparency concerns.

“This, in itself, is an issue in terms of transparency on behalf of the project. One would expect any smart contract responsible for the management of user/customer funds that’s been deployed onto a blockchain to be publicly verified to allow the general public an opportunity to examine and audit the unflattened Solidity code,” he wrote.

Edwards then went into a deeper analysis via manually decompiling the smart contract code himself, and alleged that the code doesn’t match with what has been attributed to causing the hack.

Related: Almost $1M in crypto stolen from vanity address exploit

Another point that he raises questions about was a specific transfer that happened during the hack, which “shows the transfer of 13.48M USDT from the Wintermute smart contract address to the 0x0248 smart contract (supposedly created and controlled by the Wintermute hacker).”

Edwards highlighted Etherscan transaction history allegedly showing that Wintermute had transferred more than $13 million worth of Tether USD (USDT) from two different exchanges to the address of the compromised smart contract.

“Why would the team send $13 million dollars worth of funds to a smart contract they *knew* was compromised? From TWO different exchanges?,” he questioned via Twitter.

His theory has, however, yet to be corroborated by other blockchain security experts, although following the hack last week, there were some murmurs in the community that an inside job could've been a possibility.

Providing an update on the hack via Twitter on Sept. 21, Wintermute noted that while it was “very unfortunate and painful,” the rest of its business has not been impacted and that it will continue to service its partners.

“The hack was isolated to our DeFi smart contract and did not affect any of Wintermute's internal systems. No third party or Wintermute data was compromised.”

Cointelegraph has reached out to Wintermute for comment on the matter but had not received a response at the time of publication.


The impact of the Wintermute hack could have been worse than 3AC, Voyager and Celsius — Here is why

Market makers are the backbone of every crypto exchange, ICO, DApp and many token listings, which is exactly why investors shouldn’t shrug off Wintermute’s hack.

Most crypto investors probably never heard of Wintermute Trading before the Sept. 20 $160 million hack, but that does not reduce their significance within the cryptocurrency ecosystem. The London-based algorithmic trading and crypto lending firm also provides liquidity to some of the largest exchanges and blockchain projects.

As a crypto-native trading firm, meaning digital assets have been its core since its inception in July 2017, Wintermute’s expertise in the sector is attested by $25 million in funding from global venture capital investors like Fidelity Investments, Pantera Capital and Blockchain.com Ventures.

Lending and venture capital firms have limited impact on day-to-day operations

An important distinction sets a market maker apart from bankrupt crypto venture capital firms like 3 Arrows Capital or insolvent lending and yield platforms like Voyager Digital and Celsius Network. Wintermute’s $160 million hack could have a much more profound impact on the crypto industry, considering how essential liquidity is.

The very nature of these businesses is vastly different. For example, a venture capitalist typically invests pre-seed or seed capital, funding projects ahead of their launch. There is a need for early-stage funding for tokens, nonfungible token (NFT) projects, decentralized applications (DApps) and infrastructure, but the money eventually materializes once a good team, idea and community are assembled.

Furthermore, the failure of a certain venture capitalist, whether it is or is not relevant to the industry, does not damage its competitors' reputation. In fact, the opposite sentiment emerges because it proves that picking the right projects pays off, if the firm has been correctly managing its risk exposure. The same can be said for the yield and lending platforms, which basically compete for client deposits and scramble to offer the best returns.

When market makers fail, liquidity dries up, and there is nothing worse for tradable assets than widening spreads. Most DApp users and exchanges aren't aware of these intermediaries because their work is hidden within the order books and in price arbitrage across venues, whether centralized or not. The real secret lies in algorithmic trading.

By applying sophisticated modeling and trading software, algorithmic firms like Wintermute resort to diverse strategies to find a competitive advantage over regular traders, including arbitrage, derivatives and colocation servers for high-frequency market access.

In addition to traditional proprietary desk trading, Wintermute provides market-making services by facilitating transactions on intermediaries using their own resources. These services can be hired by exchanges, brokers, token issuers or third-party entities such as foundations and supporting companies.

Specialized trading firms usually handle this process, but the activity can also be carried out independently. Currently, Wintermute, Alameda Research, DRW, Jump Trading and Cumberland are some of the leading prop trading firms that provide liquidity for centralized exchanges and decentralized finance (DeFi) platforms.

This week’s hack was not Wintermute’s first million-dollar mistake

Wintermute was hired by the Optimism Foundation to provide liquidity for its token listing in June 2022 but completely messed up by losing 20 million OP tokens. Wintermute's team disclosed the incident to the Optimism community and posted 50 million USD Coin (USDC) as collateral to ensure the protocol was fully reimbursed.

Think about that for a moment. Exchanges, blockchain projects, venture capitalists and DApps all need some form of liquidity to ensure that the secondary market works seamlessly for end users. Without thin spreads and some depth to the order book, there is barely a chance for any project to succeed.

Whether one considers liquidity providers to be villains or heroes, their importance to the crypto industry cannot be underestimated. The current hack could have been due to mistakes exclusive to Wintermute, and for this reason it has not yet manifested as an additional risk for other market makers.

Traders should not compare the failure of 3AC, Voyager and Celsius to the threat of a liquidity vacuum driven by the exodus of the remaining arbitrage desks. There is no indication that widespread risk has emerged at the moment, but until a detailed post-mortem is issued and similar risks eliminated, traders should keep a close eye on the markets.

The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph. Every investment and trading move involves risk. You should conduct your own research when making a decision.


DeFi CEO Attempts Negotiation As $160,000,000 Goes Missing From Crypto Platform


The chief executive of a recently hacked decentralized finance (DeFi) platform is attempting to negotiate with presumed hackers after a $160 million attack. The Wintermute DeFi platform was recently hacked and saw $160 million worth of crypto assets vanish. According to blockchain security firm PeckShield, a large amount of stablecoins, plus some Ethereum (ETH) and Wrapped […]

The post DeFi CEO Attempts Negotiation As $160,000,000 Goes Missing From Crypto Platform appeared first on The Daily Hodl.
