Wintermute hack
The crypto market maker Wintermute lost about $160M in September 2022 after an attacker brute-forced the private key of a 'vanity' admin address generated with the buggy Profanity tool, then used it to drain the firm's DeFi vault.
Also known as: Wintermute
Summary
Wintermute, a London-based algorithmic market maker, disclosed a roughly $160 million theft from its decentralized-finance operations on September 20, 2022. About $120 million of the loss was in stablecoins, with the rest in other tokens. [1][2]
Cause
Security analysts concluded the attacker exploited a known weakness in "Profanity," a tool used to generate vanity addresses (Wintermute's admin address began with a long string of zeros to save gas). Days earlier, 1inch had warned that Profanity-generated keys could be brute-forced. Wintermute had removed funds from the address but reportedly left it as an admin on its vault, allowing the attacker — once they recovered the key — to call privileged functions and drain it. The firm said it remained solvent. [1][2]
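The failure described above, where a vanity address was emptied but kept its admin role, can be caught with a role audit. The sketch below is an added example, not code from Wintermute, 1inch or the sources cited here; the `RoleHolder` inventory, its field names and the three-zero-byte threshold are assumptions, and the sample addresses are constructed.

```python
from dataclasses import dataclass

@dataclass
class RoleHolder:
    contract: str      # label of the contract that grants the role (hypothetical)
    role: str          # privileged role name (hypothetical)
    address: str       # 0x-prefixed 20-byte account address
    balance_wei: int   # current balance of that account

def leading_zero_bytes(address: str) -> int:
    """Number of leading 0x00 bytes, the vanity pattern used to save gas."""
    hex_part = address[2:] if address.lower().startswith("0x") else address
    raw = bytes.fromhex(hex_part)
    if len(raw) != 20:
        raise ValueError(f"not a 20-byte address: {address!r}")
    return len(raw) - len(raw.lstrip(b"\x00"))

def audit(holders, min_zero_bytes=3):
    """Return privileged holders whose address looks vanity-generated.

    min_zero_bytes is an assumed threshold: a uniformly random address has
    3 leading zero bytes with probability 2**-24, so a hit is almost
    certainly deliberate. It cannot tell which tool produced the key.
    """
    findings = []
    for h in holders:
        zeros = leading_zero_bytes(h.address)
        if zeros < min_zero_bytes:
            continue
        findings.append({
            "contract": h.contract, "role": h.role, "address": h.address,
            "leading_zero_bytes": zeros,
            # An emptied account can look retired while its role still works.
            "emptied_but_privileged": h.balance_wei == 0,
        })
    return findings

# Constructed sample inventory; none of these are real addresses.
SAMPLE = [
    RoleHolder("vault", "admin", "0x" + "00" * 3 + "ab" * 17, 0),
    RoleHolder("vault", "operator", "0x" + "9f" * 20, 5 * 10**18),
    RoleHolder("router", "admin", "0x" + "00" * 4 + "cd" * 16, 10**18),
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```

A finding calls for revoking the role and moving it to a key from a trusted generator; moving the funds alone leaves the privilege in place.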
Bracketed numbers refer to the numbered sources listed below.
Sources (2)
See also
- Loci (LOCIcoin) (Tokens): A 2017–2018 ICO for 'LOCIcoin' tied to the InnVenn IP-search platform. The SEC charged Loci and CEO John Wise with fraud for raising $7.6M on false claims about revenue, headcount, and user base; Wise also misused investor funds. Settled with a $7.6M penalty and an officer/director bar.
- Blockchain Terminal (BCT) (Tokens): A 2017–2018 ICO (BCT tokens, ~$30M) for a 'Blockchain Terminal' — a Bloomberg-style crypto trading terminal. The SEC and DOJ said convicted ex-hedge-funder Boaz Manor secretly ran it under a fake identity ('Shaun MacDonald'), using associate Edith Pardo as a front, and lied about the product's adoption.
- Crowd Machine (CMCT) (Tokens)
This page was last updated on Jun 8, 2026.