- Debate has sprung up over the perpetrators of the Wintermute hack last week
- $162.5 million in cryptocurrencies was stolen from the British exchange last week
- A blockchain analyst and security firm are at odds over the potential for an inside job
The recent hack on British crypto exchange Wintermute has led to a debate around whether it was an inside job or the work of external forces. Blockchain analyst James Edwards claimed on Monday that the hack, which took place last week and saw $160 million in cryptocurrencies stolen, was the work of insiders, a theory that was yesterday debunked by blockchain security firm BlockSec who found Edwards’ evidence “not convincing enough.” Wintermute has reassured users that lending will not be impacted and the platform will continue to operate as normal, although it is still not known if the company has reported the matter to police.
Edwards Suspects Inside Job
Wintermute reported the theft of $162.5 million in cryptocurrencies last week, with chief executive Evgeny Gaevoy speculating that the hack was linked to the vulnerability found in the Profanity wallet creator. However, Edwards posted a tweet thread on Monday outlining his theory that the hack was in fact an inside job, suggesting numerous factors, such as Wintermute’s lack of transparency and the fact that those responsible had “intimate knowledge” of the inner workings of Wintermute’s contracts:
I conducted a follow-up analysis and published a report that refutes this claim. My report concludes this was an inside job.https://t.co/swJKlHWsrR
— James Edwards (@librehash) September 26, 2022
However, blockchain security firm Blocksec has disrupted these claims, suggesting that “the accusation of the Wintermute project is not as solid as the author claimed.” In its very brief report, Blocksec points out some flaws in Edwards’ theories regarding the movement of the cryptocurrencies in question, positing ways in which an external hacker could indeed have carried out the coin moves without this intimate knowledge.
Edwards responded this morning, giving the report short shrift:
My bad – not an inside job. Just a team that was grossly incompetent and extraordinarily negligent in the handling of hundreds of millions of dollars.
— James Edwards (@librehash) September 28, 2022
It’s interesting to note that the Blocksec report didn’t tackle all the concerns raised by Edwards, and indeed its brevity gives the impression that Blocksec had been put up to the task of taking the blame off the Wintermute team as quickly as possible. A more thorough debunk would reinforce the suggestion that it was doing it off its own back, and would give its own conclusions more gravitas.