Yoshi
Co-Founder @tradefoxai | Member @alliance | Prediction Markets

Sep 20, 2022, 19 tweets

@wintermute_t was hacked for $160m today. Contrary to popular belief, we think this hack could turn out to be a net positive for wintermute. WHAT?!?

A 🧵 (x/15)

1) What is @wintermute_t?

Wintermute is an algorithmic market-maker and liquidity provider. They deploy liquidity to a host of de-fi and ce-fi exchanges.

Their biggest clients are exchanges like Coinbase and Binance.

2) How did they get hacked?

Typically, crypto wallet addresses are a string of random letters & numbers. They're generated from a private key using an encryption algo.

3) Often, users may not want random addresses for convenience. Vanity addresses that contain a personalized, human-readable message are used instead.

4) Vanity addresses are generated by selecting a private key at random, deriving the public key, deriving the address, and then checking to see if the address matches the desired vanity pattern. If not, this process is repeated millions of times until the desired pattern is found.

5) Profanity is a tool that allows users to do this. A hacker used it to recover private keys from any vanity address generated with Profanity in almost the same time as was required to generate that vanity address.

6) Next, the hacker -
1. Zeroed in on a profanity generated address
2. Generated pairs of public/private keys based on the vulnerability
3. Tried pairs of keys and saw what worked

7) How much was stolen?

The platform encountered a $160 million breach in its decentralized finance (DeFi) operations. The firm’s CeFi operations and over-the-counter services weren’t affected.

Lenders have been given the option to recall loans if they want to.

8) Both Wintermute’s hot wallet and DeFi vault contract appear to have vanity addresses, with multiple leading zeros.

The hot wallet’s private key was likely compromised and used to drain the vault.

9) The CEO of Wintermute, @EvgenyGaevoy, indicated Wintermute remains solvent, with $320 million in equity left after the hack. Users can expect the platform to face disruptions over the next few days until operations return to normal.

They should be fine.

10) So can a hack that drains a protocol still benefit the protocol in the long run? According to Wintermute's website traffic statistics, they experienced a big jump in organic searches for the website recently.

11) They also experienced a massive increase in their overall website rank, unique visitors and average visit duration.

12) So the question then remains, will this increased engagement lead to more users and protocols discovering Wintermute? Or will there be a loss of trust with users moving off the platform? Time will tell.

13) What is the conversion rate from a visitor into a paying customer? What is the average revenue generated per user? If the increased engagement * conversion rate * LTV > hack amount, then yes, the hack was a good thing. Weird.

14) The way the CEO of Wintermute announced the hack was commendable. He informed users immediately and explained clearly what happened. He was very open about the financial details of Wintermute as well.

15) Let's summarize this hack with a pros and cons list. Time will tell which side of the coin Wintermute will land on. We will come back to this in a few months with a subsequent 🧵 and evaluate.
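
The vanity search from step 4 (random private key, derive public key, derive address, check pattern, repeat), as an added example that is not code from this thread or from Profanity. Assumptions: the function names are hypothetical, every candidate key comes from the OS CSPRNG, and SHA3-256 stands in for Ethereum's Keccak-256 (not in Python's standard library), so the addresses it prints are not real Ethereum addresses.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve Ethereum keys use)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # a + (-a)
    if a == b:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P  # chord slope
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def public_key(priv):
    """priv * G by double-and-add (not constant time; illustration only)."""
    result, addend = None, G
    while priv:
        if priv & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        priv >>= 1
    return result

def address(priv):
    """Last 20 bytes of the hash of the 64-byte public key, as hex."""
    x, y = public_key(priv)
    raw = x.to_bytes(32, "big") + y.to_bytes(32, "big")
    # Assumption: SHA3-256 stands in for Keccak-256, which hashlib lacks.
    return hashlib.sha3_256(raw).digest()[-20:].hex()

def find_vanity(prefix, max_tries=100_000):
    """Repeat key -> public key -> address until the hex prefix matches."""
    for tries in range(1, max_tries + 1):
        priv = secrets.randbelow(N - 1) + 1  # fresh 256-bit key from the OS CSPRNG
        addr = address(priv)
        if addr.startswith(prefix):
            return priv, addr, tries
    raise RuntimeError("pattern not found within max_tries")
```

Calling `find_vanity("00")` needs about 256 tries on average; each additional hex character of prefix multiplies the expected work by 16, which is why longer patterns take millions of attempts.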
