Experts Blame Vanity Address Bug for $160 Million Wintermute Hack

On Tuesday, crypto market making firm Wintermute said that it had $160 million stolen from its Ethereum vault, a type of crypto wallet account holding its assets in a smart contract. 

While the Wintermute team has yet to provide an official post-mortem, security analysts have offered some insights into the hack. According to Mudit Gupta, Polygon‘s chief information security officer, a vulnerability may well have enabled the hacker to calculate the private keys of the vault’s admin address — allowing them to drain the vault of its funds.

As a market maker, Wintermute maintained several crypto assets in a vault. This vault relied on an admin address with a prefix “0x0000000,” which analysts say is a “vanity address.” At the same time, the vanity address functioned as an admin account (in the form of a hot wallet) to authenticate transactions for Wintermute’s vault.
Vanity addresses contain identifiable names or numbers within them — or have a particular style — and can be generated using certain online tools like Profanity. Last week, decentralized exchange aggregator 1inch published a security disclosure report claiming that “vanity addresses” generated with Profanity were not secure. Per 1inch, the private keys linked to Profanity-generated addresses could be extracted with brute force calculations.

Gupta and other security analysts have hypothesized that since the admin address is a vanity address, the hacker calculated its private key, took over Wintermute’s vault and transferred funds out to another address in their control.

“The vault only allows admins to do these transfers and Wintermute’s hot wallet is an admin, as expected. Therefore, the contracts worked as expected but the admin address itself was likely compromised,” Gupta wrote in a separate blog post.

Gupta said that it seems like Wintermute moved all the ether (ETH) from the vanity address wallet itself prior to the hack, perhaps as a precaution in light of the Profanity disclosures — but the firm didn’t change its admin privileges.

SlowMist, a smart contract security firm, corroborated Gupta’s findings. It commented, “After analysis, we think that the reason may be that Wintermute’s stolen externally-owned account (EOA) is a wallet created by Profanity (starting with 0x0000000).”

According to SlowMist, the hacker has now deposited $114 million worth of stolen assets into decentralized exchange Curve.

Wintermute hints at the issue

Wintermute founder Evgeny Gaevoy did not reply to a request for comment on whether the vanity address was the cause of the hack. On Twitter, Gaevoy did not address this directly but he quote tweeted a tweet by Yearn Finance lead developer Banteg referencing a previous case of a hack involving vanity addresses, saying, “Karma is a bitch:)”

Why use a vanity address at all? Gupta told The Block that Wintermute may have used one it’s considered more gas-efficient for making transactions. Gaevoy confirmed on Twitter that this was why the firm used one.

In the past, contract addresses were created using vanity address generators to have many zeros in them as teams believe such addresses lead to gas savings. Here the cost savings really depend on the usage. For a market maker like WinterMute that does thousands of transactions every day for market making, every bit of gas matters.