Full Report
Wintermute is an algorithmic market maker. The hack was not caused by anything Wintermute did wrong in its own contracts; the root cause was a vanity wallet generator called Profanity. A vanity generator searches for a key pair whose address contains a chosen string of characters that is easy to remember and recognize. That is in tension with the basic requirement that a private key be unpredictable, and Profanity's algorithm had a weakness in how it generated its randomness: it seeded key generation with a 32-bit integer (about 4.3 billion possible values). A key space that small can be brute-forced, and the weakness became public in September 2022. The belief is that the keys Wintermute used were generated with Profanity, and that this is how they were compromised. Only use trusted and audited tools!
Analysis Summary
# Incident Report: Wintermute $160M Hack via Profanity Key Compromise
## Executive Summary
On 20 September 2022, the algorithmic market maker Wintermute suffered a loss of about $160 million from one of its hot wallets and the DeFi vault it administered. The attack was enabled not by a flaw in Wintermute's smart contracts but by a publicly disclosed vulnerability in a third-party vanity address generator, Profanity. Because Profanity seeded key generation with only a 32-bit value, an attacker could brute-force the private key of a wallet generated with it; that wallet still held an administrative role on Wintermute's vault, which gave the attacker control of the vault's funds.
## Incident Details
- Discovery Date: 20 September 2022, the day of the theft (the Profanity weakness itself had been publicly disclosed by 1inch on 15 September 2022)
- Incident Date: 20 September 2022
- Affected Organization: Wintermute
- Sector: Algorithmic market making / Decentralized Finance (DeFi)
- Geography: Not specified (Global implication due to public blockchain)
## Timeline of Events
### Initial Access
- **Date/Time:** On or before 20 September 2022 (the brute force necessarily preceded the on-chain theft; its exact timing is unknown)
- **Vector:** Private key compromise (key recovered by brute force)
- **Details:** The attacker targeted a wallet (the hot wallet) whose key pair had been generated with the Profanity vanity address generator. Profanity seeded its random number generation with a 32-bit integer, so every key it produced was one of at most 2^32 possibilities rather than one of 2^256. A space that small can be exhausted with commodity GPU compute, and because the address is public, an attacker can test each candidate seed by deriving its address and comparing.
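To make the seeding weakness concrete, here is a Python model added for this report. It is not Profanity's source and does not reproduce its exact derivation: a 256-bit key is derived from a 32-bit seed through Python's ordinary Mersenne Twister as a stand-in for the seeded generator, and the address derivation is simplified to SHA-256 of the private key instead of keccak256(secp256k1 pubkey)[-20:], so no elliptic-curve library is needed. The recovery loop is the same either way: enumerate every seed, rederive the key and address, compare against the public address. The demo runs over a 16-bit space so it finishes quickly; the 32-bit space is the same search, 65,536 times longer.

```python
"""Model of the Profanity weakness: a 256-bit key whose only entropy is a
32-bit seed has 32 bits of security, so an attacker who knows the public
address recovers the key in at most 2**32 trials.
Added example; the seed-to-key and address derivations are simplified."""
import hashlib
import random
import secrets

SEED_BITS = 32  # Profanity seeded key generation with a 32-bit value


def weak_keygen(seed: int) -> bytes:
    """Derive a 256-bit private key whose entire entropy is `seed`.
    Mersenne Twister is a stand-in for the seeded generator (assumption);
    the flaw modelled is that all key material flows from a small seed."""
    rng = random.Random(seed)  # deterministic, NOT a CSPRNG
    return rng.getrandbits(256).to_bytes(32, "big")


def strong_keygen() -> bytes:
    """Correct key generation: 256 bits straight from the OS CSPRNG."""
    return secrets.token_bytes(32)


def toy_address(priv: bytes) -> bytes:
    """Stand-in for the real derivation keccak256(pubkey)[-20:].
    SHA-256 of the private key keeps the example dependency-free; the
    brute-force logic is identical for the real derivation."""
    return hashlib.sha256(priv).digest()[-20:]


def recover_seed(target_addr: bytes, seed_bits: int = SEED_BITS):
    """Brute force: enumerate every seed, derive the address, compare.
    Returns the seed (hence the private key) or None if not found."""
    for seed in range(1 << seed_bits):
        if toy_address(weak_keygen(seed)) == target_addr:
            return seed
    return None


def hours_to_enumerate(seed_bits: int, keys_per_second: float) -> float:
    """Worst-case wall clock to exhaust the seed space at a given rate."""
    return (1 << seed_bits) / keys_per_second / 3600


if __name__ == "__main__":
    # 16-bit demo so it completes in well under a second.
    victim_seed = 0xBEEF
    victim_addr = toy_address(weak_keygen(victim_seed))
    print("recovered seed:", hex(recover_seed(victim_addr, seed_bits=16)))
    print("hours to exhaust 2**32 at 1e6 keys/s:",
          round(hours_to_enumerate(32, 1e6), 2))
    print("hours to exhaust 2**256 at 1e12 keys/s: %.1e"
          % hours_to_enumerate(256, 1e12))
```

The quantity to take away is `hours_to_enumerate`: a 32-bit space falls in hours on one machine even at a modest rate, while a 256-bit key drawn from the OS CSPRNG is beyond any feasible computation regardless of throughput. The `recover_seed` loop also shows why the attack is silent: it needs nothing but the public address, so no system of the victim's is touched until the stolen key signs its first transaction.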
### Lateral Movement
- **Date/Time:** Post-initial key compromise (Date unknown)
- **Vector:** Compromised Hot Wallet Key controlling Vault Admin Access
- **Details:** With the hot wallet's private key in hand, the attacker could sign transactions as that address. The address had not been removed as an admin of Wintermute's DeFi vault contract after the Profanity disclosure, so the attacker used its administrative privileges to move the vault's funds.
### Data Exfiltration/Impact
- **Date/Time:** Following unauthorized access to the vault.
- **Vector:** Unauthorized token withdrawals.
- **Details:** $118.4M in funds were stolen from the vault, including stablecoins, 671 Wrapped Bitcoin (WBTC, ~$13M), and 6,928 ETH ($9.4M), among various other tokens.
### Detection & Response
- **Date/Time:** 15 to 20 September 2022 (from the public disclosure of the Profanity weakness to the theft).
- **Vector:** Public disclosure of the underlying Profanity vulnerability.
- **Details:** After the disclosure, Wintermute transferred the remaining Ether out of the compromised hot wallet. That response was incomplete: the address kept its admin role on the vault, and that privilege, not the wallet's balance, is what the attacker used to drain the vault.
## Attack Methodology
- **Initial Access:** Brute-force private key generation exploiting the weakness in the Profanity vanity address generator algorithm (low entropy seed).
- **Persistence:** Not explicitly detailed, but assumed the attacker maintained control of the compromised hot wallet key long enough to drain the vault.
- **Privilege Escalation:** Not applicable in the traditional sense; the attack leveraged existing **administrative control** over the vault granted to the compromised hot wallet address.
- **Defense Evasion:** The attacker's transactions were validly signed by the legitimate key, so at the protocol level they were indistinguishable from Wintermute's own activity. No network or application-layer control was bypassed, because none sits between a valid signature and the chain.
- **Credential Access:** Direct acquisition of the private key through brute-forcing the PRNG seed space.
- **Discovery:** External public disclosure regarding the Profanity vulnerability alerted Wintermute to the potential issue with their addresses.
- **Lateral Movement:** Movement from the compromised hot wallet to authorize significant withdrawals/transfers from the connected DeFi vault contract.
- **Collection:** Accumulation of high-value tokens (Stablecoins, BTC, ETH) within the compromised wallet/vault.
- **Exfiltration:** Direct on-chain transfer of stolen assets.
- **Impact:** Significant financial loss from the DeFi vault.
## Impact Assessment
- **Financial:** ~$160M total loss ($118.4M stolen from the vault, plus additional tokens from the hot wallet before transfer).
- **Data Breach:** No customer PII explicitly mentioned; impact is financial asset compromise.
- **Operational:** Significant disruption to treasury management and operations.
- **Reputational:** Major security incident for a leading crypto market maker.
## Indicators of Compromise
- **Network Indicators:** None; the compromise was cryptographic rather than network-based, and the attacker's activity is visible only on-chain.
- **File Indicators:** None specified.
- **Behavioral Indicators:** Unauthorized large-value transactions originating from the compromised hot wallet and the vault it administered. The source cites the transaction hash **`0x93716f3e3a9e3f47dec05b4df511e07e53b3e4695e84cd4f05f5d83188f3552a`** as the transaction that moved assets out of the hot wallet.
## Response Actions
- **Containment measures:** Immediate removal of all remaining Ether from the compromised hot wallet after the exploit became apparent.
- **Eradication steps:** Not explicitly detailed, but removal of the compromised address as an admin from the vault was the critical step required.
- **Recovery actions:** Not detailed in the provided context (e.g., insurance claims, fund recovery attempts).
## Lessons Learned
- **Key Takeaway 1:** Vanity address generators like Profanity that rely on weak, low-entropy seeding (32-bit integer) create predictable private keys vulnerable to brute-force attacks.
- **Key Takeaway 2:** Security assessments must cover the security posture of *all externally used tools* (including third-party key generators) used to create critical operational keys.
- **What could have been done better:** Critical administrative keys, especially those linked to large vaults, should have been rotated, and the affected address removed as vault admin, immediately upon the public disclosure of the Profanity weakness, rather than merely moving the wallet's Ether.
## Recommendations
- **Prevention Measures for Similar Incidents:**
1. Mandate that all key material is drawn directly from a cryptographically secure random number generator (the operating system's CSPRNG, for example /dev/urandom or getrandom), never from a user-space PRNG seeded with a small integer.
2. Immediately cease the use of any vanity address generators that rely on predictable or low-bit-length seeding mechanisms.
3. Implement robust key rotation policies, especially for administrative keys associated with DeFi vaults, triggered not only by suspected compromise but also by the discovery of inherent cryptographic weaknesses in the creation tool.
4. Ensure that security advisories regarding third-party tools immediately trigger a review and potential migration of any associated operational keys.
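The rotation recommendations above assume you can find the affected keys first. The following Python, added here and not Wintermute's tooling, is a minimal key-inventory audit: it flags EVM addresses whose hex form shows a pattern too improbable for honest random generation (a long run of one nibble, or a common vanity word at either end), then lists the flagged addresses that still hold privileged roles so they are removed as vault admins before anything else. The threshold, the vanity word list, the role names and the sample inventory are all assumptions constructed for the example; the word-based check is heuristic and will miss vanity patterns it does not know.

```python
"""Key-inventory audit: find operational addresses that look vanity-generated
and rank the ones still holding privileged roles for immediate rotation.
Added example; thresholds, word list, roles and inventory are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

HEX_ADDR = re.compile(r"^0x[0-9a-fA-F]{40}$")
MIN_RUN = 7  # assumption: a run this long occurs by chance in ~2e-6 of addresses
VANITY_WORDS = ("dead", "beef", "cafe", "babe", "1337")  # assumption
PRIVILEGED_ROLES = {"vault-admin", "owner", "upgrader"}  # assumption


@dataclass(frozen=True)
class Finding:
    address: str
    severity: str   # "high": almost certainly vanity; "medium": plausibly vanity
    reason: str
    chance: float   # approx. probability an honestly random address shows this


def longest_run(hexdigits: str) -> int:
    """Length of the longest run of one repeated nibble anywhere in the body."""
    best = cur = 1
    for prev, c in zip(hexdigits, hexdigits[1:]):
        cur = cur + 1 if c == prev else 1
        best = max(best, cur)
    return best


def inspect_address(addr: str) -> Optional[Finding]:
    """Return a Finding if the address shows a vanity pattern, else None."""
    if not HEX_ADDR.match(addr):
        raise ValueError(f"not an EVM address: {addr!r}")
    body = addr[2:].lower()
    run = longest_run(body)
    if run >= MIN_RUN:
        # ~ (start positions for the run) * P(the next run-1 nibbles repeat)
        chance = (40 - run + 1) * 16 ** (1 - run)
        return Finding(addr, "high", f"run of {run} identical nibbles", chance)
    for word in VANITY_WORDS:
        if body.startswith(word) or body.endswith(word):
            return Finding(addr, "medium", f"vanity word {word!r} at an edge",
                           2 * 16 ** -len(word))
    return None


def audit(inventory: Dict[str, List[str]]) -> List[Finding]:
    """inventory maps address -> roles it holds; returns every finding."""
    return [f for f in (inspect_address(a) for a in inventory) if f is not None]


def rotation_queue(inventory: Dict[str, List[str]],
                   findings: List[Finding]) -> List[str]:
    """Flagged addresses that still hold a privileged role, highest severity
    first: these lose the role (and get a replacement) before anything else."""
    order = {"high": 0, "medium": 1}
    hot = [f for f in findings if PRIVILEGED_ROLES & set(inventory[f.address])]
    return [f.address for f in sorted(hot, key=lambda f: order[f.severity])]


# Constructed sample inventory; these are not Wintermute's addresses.
SAMPLE_INVENTORY = {
    "0x0000000a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6a": ["hot-wallet", "vault-admin"],
    "0x7e5f4552091a69125d5dfcb7b8c2659029395bdf": ["ops-signer"],
    "0x1234567890abcdef1234567890abcdef1234dead": ["treasury"],
}

if __name__ == "__main__":
    found = audit(SAMPLE_INVENTORY)
    for f in found:
        print(f"{f.severity:6} {f.address} {f.reason} (p~{f.chance:.1e})")
    print("rotate first:", rotation_queue(SAMPLE_INVENTORY, found))
```

The ordering matters more than the detection: an address the audit flags while it still holds `vault-admin` is the Wintermute case, and the correct first action is revoking that role on the contract, since moving the wallet's own balance leaves the privilege intact for whoever recovers the key. Treat the "medium" tier as a prompt to check how the key was generated, not as proof of a weak key.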