Wintermute inside job theory “not convincing enough” —BlockSec


Blockchain security firm BlockSec has debunked a conspiracy theory claiming Wintermute’s $160 million hack was an inside job, noting that the evidence used to support the claims was “not convincing enough.”

Earlier this week, cybersleuth James Edwards released a report claiming that the Wintermute smart contract exploit was likely performed by someone with inside knowledge of the company involved in activities related to the compromised smart contract and two stablecoins in particular -Transactions questioned.

BlockSec has since path over the claims in a Wednesday post on Medium, suggesting that the “Wintermute project allegation is not as solid as the author claims,” ​​adding in a tweet:

“Our analysis shows that the report is not convincing enough to charge the Wintermute project.

In Edward’s original post, he essentially drew attention to how the hacker was able to wreak so much carnage on the exploited Wintermute smart contract, which was “supposed to have admin access,” although he showed no evidence of this during his analysis that he had admin skills.

However, BlockSec promptly debunked the claims, as it outlined that “the report only looked up the current status of the account in the _setCommonAdmin mapping variable, but this is not reasonable as the project may take action to revoke admin privileges after it knew the attack.”

It pointed to Etherscan transaction details showing that Wintermute had removed admin privileges when it became aware of the hack.

BlockSec Report: Medium

Edwards also questioned the reasons why Wintermute had $13 million worth of Tether (USDT) transferred to her smart contract from two or her accounts on two different exchanges just two minutes after the compromise, suggesting that it it was a bad game.

Related: Tribe DAO votes to pay back victims of $80 million Rari hack

In response, BlockSec argued that this is not as suspicious as it appears, as the hacker may have monitored Wintermute broadcast transactions via bots to break in.

“However, it is not as plausible as is claimed. The attacker could monitor the activity of the transmitting transactions to achieve the goal. From a technical point of view, it’s not entirely far-fetched. For example, there are some on-chain MEV bots that continuously monitor transactions to generate profits.”

As noted in Cointelegraph’s first article on the subject, Wintermute has firmly refuted Edwards’ claims, claiming that his methodology is riddled with inaccuracies.


Comments are closed.