A cyber sleuth claims the $160 million Wintermute hack was carried out from within

Published on:

Last Updated on September 27, 2022 by Bitfinsider

In a Medium post on September 26, the author known as Librehash argued that the way Wintermute’s smart contracts were interacted with and ultimately exploited suggests that the hack was carried out by an internal party.

The analysis piece’s author, also known as James Edwards, is not a well-known cybersecurity researcher or analyst. The analysis is his first Medium post, but he has yet to receive a response from Wintermute or other cybersecurity analysts.

The current theory, according to Edwards, is that the EOA “that made the call on the ‘compromised’ Wintermute smart contract was itself compromised via the team’s use of a faulty online vanity address generator tool.”

“The idea is that the attacker was able to make calls on the Wintermute smart contract, which supposedly had admin access, by recovering the private key for that EOA,” he explained.

Edwards went on to say that there is no “uploaded, verified code for the Wintermute smart contract in question,” making it difficult for the public to confirm the current external hacker theory and raising concerns about transparency.

“In and of itself, this is a problem in terms of project transparency.” “Any smart contract responsible for the management of user/customer funds that has been deployed onto a blockchain should be publicly verified to allow the general public to examine and audit the unflattened Solidity code,” he wrote.

Edwards then conducted a more in-depth investigation, manually decompiling the smart contract code, and claimed that the code does not match what has been attributed to causing the hack.

He also questions a specific transfer that occurred during the hack, which “shows the transfer of 13.48M USDT from the Wintermute smart contract address to the 0x0248 smart contract (allegedly created and controlled by the Wintermute hacker).”

Wintermute allegedly transferred more than $13 million in Tether USD (USDT) from two different exchanges to address a compromised smart contract, according to Etherscan transaction history.

His theory, however, has yet to be confirmed by other blockchain security experts, despite the fact that, following the hack last week, there were some whispers in the community that an inside job was a possibility.


Hardware wallets are safe and secure devices that can be used offline. They keep your cryptocurrency offline, making it impossible for you to be hacked. To find out more on the leading hardware wallets, you may view our reviews here: Ledger & Trezor
Disclaimer: The views and opinions expressed by the author, or any people mentioned in this article, are for informational purposes only, and they do not constitute financial, investment, legal, tax or other advice. Investing in or trading cryptocurrency or stocks comes with a risk of financial loss.

Related