Cyber sleuth alleges $160M Wintermute hack was an inside job

cointelegraph.com:

A fresh new crypto conspiracy theory is afoot — this time in relation to last week's $160 million hack on algorithmic market maker Wintermute — which one crypto sleuth alleges was an "inside job."

Cointelegraph reported on Sept. 20 that a hacker had exploited a bug in a Wintermute smart contract which enabled them to swipe over 70 different tokens including $61.4 million in USD Coin (USDC), $29.5 million in Tether (USDT) and 671 Wrapped Bitcoin (wBTC), worth roughly $13 million at the time.

In an analysis of the hack posted via Medium on Sept. 26, the author known as Librehash argued that due to the way in which Wintermute’s smart contracts were interacted with and ultimately exploited, it suggests that the hack was conducted by an internal party, claiming:

The author of the analysis piece, known also as James Edwards, is not a known cybersecurity researcher or analyst. The analysis marks his first post on Medium but so far hasn't garnered any response from Wintermute or other cybersecurity analysts.

In the post, Edwards suggests that the current theory is that the EOA “that made the call on the 'compromised' Wintermute smart contract was itself compromised via the team’s use of a faulty online vanity address generator tool.”

“The idea is that by recovering the private key for that EOA, the attacker was able to make calls on the Wintermute smart contract, which supposedly had admin access,” he said.

Edwards went on to assert that there’s no “uploaded, verified code for the Wintermute smart contract in question,” making it difficult for the public to confirm the current external hacker theory, while also raising transparency concerns.

“This, in itself, is an issue in terms of transparency on behalf of the project. One would