Wintermute

The impact of the Wintermute hack could have been worse than 3AC, Voyager and Celsius — Here is why

September 21, 2022 Coin Telegraph

Arbitrage

Market makers are the backbone of every crypto exchange, ICO, DApp and many token listings, which is exactly why investors shouldn’t shrug off Wintermute’s hack.

Most crypto investors probably never heard of Wintermute Trading before the Sept. 20 $160 million hack, but that does not reduce their significance within the cryptocurrency ecosystem. The London-based algorithmic trading and crypto lending firm also provides liquidity to some of the largest exchanges and blockchain projects.

As a crypto-native trading firm, meaning digital assets have been its core since its inception in July 2017, Wintermute’s expertise in the sector is attested by $25 million in funding from global venture capital investors like Fidelity Investments, Pantera Capital and Blockchain.com Ventures.

Lending and venture capital firms have limited impact on day-to-day operations

An important distinction sets a market maker apart from bankrupt crypto venture capital firms like 3 Arrows Capital or insolvent lending and yield platforms like Voyager Digital and Celsius Network. Wintermute’s $160 million hack could have a much more profound impact on the crypto industry, considering how essential liquidity is.

The very nature of these businesses is vastly different. For example, a venture capitalist typically invests in pre-seed or seed capital by funding the projects ahead of their launch. There is a need for early-stage funding for tokens, nonfungible token (NFT) projects, decentralized applications (DApps) and infrastructure, but the money will eventually come up when a good team, idea and community are assembled.

Furthermore, the failure of a certain venture capitalist, whether it is or is not relevant to the industry, does not damage its competitors' reputation. In fact, the opposite sentiment emerges because it proves that picking the right projects pays off, if the firm has been correctly managing its risk exposure. The same can be said for the yield and lending platforms, which basically compete for client deposits and scramble to offer the best returns.

When market markers fail, liquidity dries up and there is nothing worse for tradable assets than spreads growing wider. Most DApps users and exchanges aren't aware of these intermediaries because their work is hidden within the order books and price arbitrage across intermediaries whether or not they are centralized. The real secret lies in algorithmic trading.

By applying sophisticated modeling and trading software, algorithmic firms like Wintermute resort to diverse strategies to find a competitive advantage over regular traders, including arbitrage, derivatives and colocation servers for high-frequency market access.

In addition to traditional proprietary desk trading, Wintermute provides market-making services by facilitating transactions on intermediaries using their own resources. These services can be hired by exchanges, brokers, token issuers or third-party entities such as foundations and supporting companies.

Specialized trading firms usually handle this process, but the activity can also be carried out independently. Currently, Wintermute, Alameda Research, DRW, Jump Trading and Cumberland are some of the leading prop trading firms that provide liquidity for centralized exchanges and decentralized finance (DeFi) platforms.

This week’s hack was not Wintermute’s first million-dollar mistake

Wintermute was hired by the Optimism Foundation to provide liquidity for its token listing in June 2022 but completely messed up by losing 20 million OP tokens. Wintermute's team disclosed the incident to the Optimism community and posted 50 million USD Coin (USDC) as collateral to ensure the protocol was fully reimbursed.

Think about that for a moment. Exchanges, blockchain projects, venture capitalists and DApps all need some form of liquidity to ensure that the secondary market works seamlessly for end users. Without thin spreads and some depth to the order book, there is barely a chance for any project to succeed.

Whether one considers liquidity providers to be villains or heroes, their importance to the crypto industry cannot be underestimated. The current hack could have been due to mistakes exclusive to Wintermute, and for this reason, they haven’t turned manifest as an additional risk for other market makers.

Traders should not compare the failure of 3AC, Voyager and Celsus to the threat of a liquidity vacuum that is driven by the exodus of the remaining arbitrage desks. There is no indication that widespread risk has emerged at the moment, but until a detailed post-mortem is issued and similar risks eliminated, traders should keep a close eye on the markets.

The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph. Every investment and trading move involves risk. You should conduct your own research when making a decision.

DeFi CEO Attempts Negotiation As $160,000,000 Goes Missing From Crypto Platform

September 20, 2022 The Daily Hodl

Wintermute Loses $160M in Latest DeFi Hack

September 20, 2022 The Crypto Briefing

Wintermute Makes “Optimistic” Assumption, Loses 20M Tokens

June 9, 2022 The Crypto Briefing

Optimism loses 20M tokens after L1 and L2 confusion exploited

June 9, 2022 Coin Telegraph

Chris Blec

Although the airdrop took place less than two weeks ago, problems have already arisen for the vaunted layer-2 scaling solution’s team and market maker.

The honeymoon period for the Optimism layer-2 scaling solution has been cut short as an exploit in its market maker’s smart contract led to the loss of 20 million OP tokens.

The exploit took place May 26 but has only just been reported to the community. One million tokens valued at about $1.3 million were sold on June 5. An additional one million tokens valued at about $730,000 were transferred to Vitalik Buterin's Ethereum address on Optimism earlier today at 12:26am UTC. The remaining tokens are dormant for now but could be sold at any time or used to sway governance decisions.

Hey folks--in the interest of transparency, we'd like to share some details about an ongoing situation:https://t.co/915vIgRIJG

Summary below
— Optimism (✨_✨) (@optimismPBC) June 8, 2022

OP tokens are the native token for the Optimism Layer-2 (L2) and a portion of the supply was airdropped to network users on June 1. L2 solutions help alleviate congestion on a layer-1 blockchain such as Ethereum.

A summary of events from the Optimism team on Thursday detailed how the 20 million OP tokens were intended to be used by the Wintermute crypto market making firm. After sending two test transactions, the Optimism team sent the full amount of tokens.

However Wintermute discovered that it could not access the tokens because the smart contract it used to accept the tokens was still on L1 and had not been updated to be deployed on Optimism. This technical oversight opened the contract to an attack in which a bad actor took control of the contract on the L2 themselves.

As soon as Wintermute became aware of the problem, it “began a recovery operation with the goal to deploy the L1 multisig contract to the same address on L2,” but its attempt to remedy the situation was too late.

“An attacker was able to deploy the multisig to L2 with different initialization parameters before the recovery operation was completed and took control of the 20 million OP tokens.”

A multisig contract requires the approval of multiple key holders to execute a transaction.

In a June 9 message to the Optimism community, Wintermute took full responsibility for the exploit. The firm stated that it would perform OP buybacks equal to the amount the exploiter sells as a means of making “best efforts to smoothen the effects” of price volatility.

Wintermute has also offered to accept the incident as a white hat exploit if the hacker agreed to return 19 million tokens within one week. This offer was made before the hacker transferred another million tokens.

Replies to Wintermute’s message mostly applauded the firm for its transparency in revealing the issue and for accepting the blame for what happened.

In the short-term, the Optimism team has granted Wintermute an additional 20 million OP grant “so that they can continue with their work as things unfold.” But the team also pointed out that such market making efforts are temporary.

“The community should not expect or rely on the Optimism Foundation to support liquidity provisioning efforts in the future.”

Some $OP tokens got hijacked.

Optimism is grappling with the idea of whether it should use its multisig to take the tokens back from the thief.

In this tweet, they're saying "we coullllld do it.. but then you'd all hate us.. so we won't.. for now."

DANGEROUSLY CENTRALIZED. https://t.co/p7JiPY2TzU
— Chris Blec (@ChrisBlec) June 8, 2022

Host of the Proof of Decentralization podcast Chris Blec said the team had considered (but rejected) regaining control of the stolen funds by performing a network upgrade. This meant that in his view, Optimism (like most DeFi projects with admin keys) is “DANGEROUSLY CENTRALIZED”.

Blec also suggested that the most obvious explanation for exploits involve those most closely involved, meaning someone involved with Wintermute may have performed the attack themselves. He asked, “Why is everyone in this space always so opposed to vetting the most obvious possibilities?” There is no evidence at this stage to support this theory.

OP investors have responded negatively to the update as the token price is down 31.2% trading at $0.76 over the past 24 hours according to CoinGecko.