Loch
Sep 20, 2022 · 19 tweets · 6 min read
@wintermute_t was hacked for $160m today. Contrary to popular belief, we think this hack could turn out to be a net positive for Wintermute. WHAT?!?

A 🧵 (x/15)
1) What is @wintermute_t?

Wintermute is an algorithmic market-maker and liquidity provider. They deploy liquidity to a host of DeFi and CeFi exchanges.

Their biggest clients are exchanges like Coinbase and Binance.
2) How did they get hacked?

Typically, crypto wallet addresses are a string of random letters and numbers. They're generated from a private key using an encryption algo.
3) Often, users may not want random addresses, for convenience. Vanity addresses that contain a personalized, human-readable message are used instead.
4) Vanity addresses are generated by selecting a private key at random, deriving the public key, deriving the address, and then checking to see if the address matches the desired vanity pattern. If not, this process is repeated millions of times until the desired pattern is found.
5) Profanity is a tool that allows users to do this. A hacker used it to recover private keys from any vanity address generated with Profanity in almost the same time that was required to generate that vanity address.
6) Next, the hacker:
1. Zeroed in on a Profanity-generated address
2. Generated pairs of public/private keys based on the vulnerability
3. Tried pairs of keys and saw what worked
7) How much was stolen?

The platform encountered a $160 million breach in its decentralized finance (DeFi) operations. The firm’s CeFi operations and over-the-counter services weren’t affected.

Lenders have been given the option to recall loans if they want to.
8) Both Wintermute’s hot wallet and DeFi vault contract appear to have vanity addresses, with multiple leading zeros.

The hot wallet’s private key was likely compromised and used to drain the vault.
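A defender-side triage for the points in tweets 4 and 8, added here as an example (not code from the thread, Profanity or Wintermute): it scans an address inventory for long leading or trailing runs of one hex digit and reports how many random keys a vanity search would try on average to hit such a run. The sample addresses and the `min_run` threshold are constructed assumptions, and a flagged address only shows a vanity-style pattern, not which tool produced it.

```python
import re

ADDRESS = re.compile(r"0x[0-9a-fA-F]{40}")

def edge_runs(address):
    """Lengths of the runs of one repeated hex digit at the start and end."""
    body = address[2:].lower()
    lead = len(body) - len(body.lstrip(body[0]))
    tail = len(body) - len(body.rstrip(body[-1]))
    return lead, tail

def expected_attempts(run_length):
    """Average number of random keys a vanity search tries before an address
    starts (or ends) with run_length chosen hex digits: each digit of a
    hash-derived address matches with probability 1/16."""
    return 16 ** run_length

def triage(addresses, min_run=6):
    """Return findings for addresses whose leading or trailing run is too
    long to be a plausible accident; malformed entries are reported too."""
    findings = []
    for addr in addresses:
        if not ADDRESS.fullmatch(addr):
            findings.append({"address": addr, "status": "malformed"})
            continue
        lead, tail = edge_runs(addr)
        run = max(lead, tail)
        if run >= min_run:
            findings.append({"address": addr, "status": "vanity-like",
                             "leading_run": lead, "trailing_run": tail,
                             "expected_attempts": expected_attempts(run)})
    return findings

# Constructed sample inventory; none of these are real wallets.
SAMPLE = [
    "0x" + "0" * 7 + "b" + "3c9f1e7a" * 4,   # seven leading zeros
    "0x" + "4b1d9e27" * 5,                   # no pattern
    "0x" + "9a2c5e71" * 4 + "d3" + "f" * 6,  # six trailing f's
    "0x" + "00" + "c4" * 19,                 # short run, plausible accident
    "0x1234",                                # malformed entry
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Flagged addresses are the ones whose key-generation history is worth checking first; how the key was actually produced still has to be confirmed from the operator's own records.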
9) The CEO of Wintermute, @EvgenyGaevoy, indicated Wintermute remains solvent, with $320 million in equity left after the hack. Users can expect the platform to face disruptions over the next few days until operations return to normal.

They should be fine.
10) So can a hack that drains a protocol still benefit the protocol in the long run? According to Wintermute's website traffic statistics, they experienced a big jump in organic searches for the website recently.
11) They also experienced a massive increase in their overall website rank, unique visitors and average visit duration.
12) So the question then remains: will this increased engagement lead to more users and protocols discovering Wintermute? Or will there be a loss of trust, with users moving off the platform? Time will tell.
13) What is the conversion rate from a visitor into a paying customer? What is the average revenue generated per user? If the increased engagement * conversion rate * LTV > hack amount, then yes, the hack was a good thing. Weird.
14) The way the CEO of Wintermute announced the hack was commendable. He informed users immediately and explained clearly what happened. He was very open about the financial details of Wintermute as well.
15) Let's summarize this hack with a pros and cons list. Time will tell which side of the coin Wintermute will land on. We will come back to this in a few months with a subsequent 🧵 and evaluate.
