A new cryptocurrency conspiracy theory is emerging, this time around last week’s $160 million hack of algorithmic market maker Wintermute, which one crypto analyst has called “an inside job.”
On September 20, Cointelegraph reported that a hacker exploited a flaw in Wintermute’s smart contract that allowed them to steal over 70 different tokens, including $61.4 million in coins ( ) and 671 wrapped bitcoin (wBTC), worth approximately $13 million at the time.
In an analysis of the hack posted on Medium on Monday, an author known as Librehash claimed that, given the way Wintermute’s smart contracts interacted and were ultimately used, the hack was most likely carried out by an insider, arguing:
“The relevant transactions initiated by the EOA [externally owned account] clearly show that the hacker was likely an internal member of the Wintermute team.”
The author of the analysis, who also goes by James Edwards, is not a well-known researcher or analyst in the cybersecurity field. The analysis is his first publication on Medium and has yet to draw a response from Wintermute or from other cybersecurity analysts.
In his post, Edwards summarizes the prevailing theory as one in which the EOA, “which called the ‘compromised’ Wintermute smart contract, was itself compromised due to the team’s use of a faulty online vanity address generator tool.”
“The idea is that by recovering the private key for this EOA, the attacker was able to call the Wintermute smart contract, which presumably had administrator access,” he said.
Edwards went on to state that there is no “uploaded and verified code for the Wintermute smart contract in question”, which makes it difficult for the public to confirm the prevailing external-hacker theory and raises transparency concerns.
“That in itself is a challenge with regard to transparency on the part of the project. Any smart contract responsible for managing user/customer funds that has been deployed on the blockchain is expected to be publicly verified to give the general public an opportunity to examine and test the unflattened Solidity code,” he wrote.
Edwards then went further, manually decompiling the contract’s bytecode, and stated that the code did not match what was being attributed to the hack.
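When a contract has no verified source on Etherscan, the first step of the kind of manual decompilation Edwards describes is to sweep the raw bytecode for the 4-byte function selectors in its dispatcher, which tells you which functions the contract exposes (for example, whether it has an owner-only admin entry point). The following is an added illustration of that step, not code from Edwards’ analysis or from Wintermute: the bytecode is a constructed sample that mimics a Solidity dispatcher, and the selector table holds well-known ERC-20/Ownable selectors. It also shows why a naive byte search is not enough: the scanner must step over PUSH immediates, or data bytes that happen to contain 0x63 get reported as phantom selectors.

```python
"""Minimal EVM linear-sweep scanner that extracts 4-byte function selectors
from raw contract bytecode. Added example with a constructed sample;
not Wintermute's contract and not code from the analysis discussed above."""

PUSH1, PUSH4, PUSH32 = 0x60, 0x63, 0x7F
EQ, JUMPI = 0x14, 0x57

# Well-known selectors, i.e. the first 4 bytes of keccak256(signature).
KNOWN_SELECTORS = {
    "a9059cbb": "transfer(address,uint256)",
    "70a08231": "balanceOf(address)",
    "095ea7b3": "approve(address,uint256)",
    "8da5cb5b": "owner()",
}

# Constructed sample bytecode resembling a Solidity function dispatcher.
SAMPLE_BYTECODE = bytes.fromhex(
    "6000"          # PUSH1 0x00
    "35"            # CALLDATALOAD
    "60e0"          # PUSH1 0xe0
    "1c"            # SHR            -> leaves the 4-byte selector on the stack
    "80"            # DUP1
    "63a9059cbb"    # PUSH4 transfer(address,uint256)
    "14"            # EQ
    "61002a"        # PUSH2 0x002a
    "57"            # JUMPI
    "80"            # DUP1
    "6370a08231"    # PUSH4 balanceOf(address)
    "14"            # EQ
    "61003c"        # PUSH2 0x003c
    "57"            # JUMPI
    "646312345678"  # PUSH5 0x6312345678: immediate data that *looks like* PUSH4 0x12345678
    "00"            # STOP
)


def disassemble(code: bytes):
    """Yield (offset, opcode, immediate) triples.

    PUSH1..PUSH32 carry 1..32 bytes of immediate data; those bytes are
    consumed here so they are never mistaken for opcodes."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        if PUSH1 <= op <= PUSH32:
            n = op - PUSH1 + 1
            yield pc, op, code[pc + 1 : pc + 1 + n]
            pc += 1 + n
        else:
            yield pc, op, b""
            pc += 1


def extract_selectors(code: bytes) -> list[str]:
    """Return selectors that occur in a `PUSH4 <sel> EQ <dest> JUMPI`
    dispatcher pattern, in the order they appear in the bytecode."""
    insns = list(disassemble(code))
    found = []
    for i, (_, op, imm) in enumerate(insns):
        if op == PUSH4 and len(imm) == 4:
            following = [o for _, o, _ in insns[i + 1 : i + 4]]
            if EQ in following and JUMPI in following:
                found.append(imm.hex())
    return found


def naive_scan(code: bytes) -> list[str]:
    """What a plain byte search does: treat every 0x63 as PUSH4.
    Shown only to demonstrate the phantom selector it produces."""
    return [code[i + 1 : i + 5].hex()
            for i in range(len(code) - 4) if code[i] == PUSH4]


def label(selector: str) -> str:
    """Map a selector to a known signature, or 'unknown'."""
    return KNOWN_SELECTORS.get(selector, "unknown")


if __name__ == "__main__":
    for sel in extract_selectors(SAMPLE_BYTECODE):
        print(f"0x{sel}  {label(sel)}")
    print("naive scan:", naive_scan(SAMPLE_BYTECODE))
```

On a real contract you would feed the runtime bytecode from `eth_getCode` into `extract_selectors` and resolve unknown selectors against a public signature database; a selector that resolves to something like `owner()` or a privileged transfer function is exactly what an investigator would want to see before accepting or rejecting a theory about who could call the contract.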
Another point that raises questions for him was a specific transfer that occurred during the hack, which “shows a transfer of $13.48 million from Wintermute’s smart contract address to smart contract 0x0248 (allegedly created and controlled by the Wintermute hacker)”.
Edwards also drew attention to Etherscan’s transaction history, which allegedly shows Wintermute transferring $13 million worth of USDT from two different exchanges to the compromised smart contract.
“Why would a team send $13M worth of funds to a smart contract they *knew* had been compromised? From TWO different exchanges?” he asked on Twitter.
However, his theory has yet to be confirmed by other blockchain security experts, although there have been rumors in the community since last week’s hack that an inside job is possible.