Algorithmic market maker service Wintermute suffered a security breach on Tuesday, with hackers making off with around $160 million across 90 assets within the platform's portfolio.

In a brief statement published on Twitter, Wintermute founder and CEO Evgeny Gaevoy stated that “we’ve been hacked for about $160M in our defi operations. Cefi and OTC operations are not affected.”

While around $160 million has been appropriated by the hacker, Gaevoy noted that “out of 90 assets that has been hacked only two have been for notional over $1 million (and none more than $2.5M),” and that as a result there shouldn’t be a “major selloff” of assets.

Gaevoy assured users, lenders and partners of the platform that they are “solvent with twice over that amount in equity left”, so all associated entities should expect a full restoration of operations within the coming days. 

Gaevoy added that Wintermute remains open to treating the hack as a “white hat” scenario, in which the hacker returns the funds and receives a reward for identifying a vulnerability.

How the Wintermute hack unfolded

While Gaevoy’s tweet was published around 8am UTC, a number of Twitter users seemingly uncovered suspicious activity affecting Wintermute as early as 6am UTC, engaging in a debate on the ins and outs of wash trading after discovering that large amounts had been transferred from Wintermute into exchange liquidity pool 3pool. 

Following Gaevoy’s announcement, self-proclaimed on-chain sleuth and 2D detective ZachXBT claimed to have identified the hacker’s wallet address, which contains $47.8 million in its wallet, with the remaining $114.3 million in the decentralized stablecoin exchange Curve Protocol.

Further investigation on blockchain exploration platform EtherScan reveals that the wallet in question has made 45 transactions over the past 5 hours, and holds a plethora of 80 tokens in their wallet including $12.9 million of Wrapped Bitcoin (WBTC), $3.9 million of Pax Dollar (USDP), and $2.3 million in Somnium Space CUBE tokens, among others.

Decrypt has reached out to Wintermute for comment and will update this story should the company respond.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.