Well knock me down with a feather, it's yet another $160 million crypto hack

(Image credit: Thianchai Sitthikongsak/Getty)

2022 has so far been something of an annus mirabilis for the crypto sector, which in the macro picture has been struggling with the fallout of the gigantic collapse of the Terra ecosystem, while on the micro scale crypto companies of all stripes have suffered hack after hack.

The latest is Wintermute, which is a crypto market maker. The exact way these things operate is complicated, but boils down to their providing liquidity for certain defined cryptocurrencies by both buying and selling them on crypto exchanges: market makers exist in plenty of other industries outside of crypto, and turn a profit by collecting what's called the bid-ask spread over multiple bets.

All that really matters for our purposes is this: Wintermute holds a lot of crypto, and now it's been hacked and holds much less (thanks, the Register). "We’ve been hacked for about $160M in our defi [decentralised finance] operations," Wintermute CEO Evgeny Gaevoy writes. "Cefi [centralised finance] and OTC [over-the-counter] operations are not affected."

Gaevoy is surprisingly blase about the whole thing, which is typical of this sector: crypto CEOs tend to remain bullish until the whole thing explodes. Indeed, Gaevoy says there's nothing to worry about. He goes on to say that customer funds are safe, that Wintermute remains financially solvent and retains a large amount of equity, and that it's in a position to repay lenders who are worried.

That remains to be seen. Crypto-watchers are curious about exactly how much debt Wintermute is carrying, and whether it's as robust as it claims. Gaevoy went on to detail that 90 different types of digital asset were stolen in the hack, totalling $160 million.

Amazingly enough, Wintermute has also asked the hacker to pretty please return the crypto, with the offer of a 10% 'bounty'. I'm going to go out on a limb here and suggest they're not dealing with a white hat hack.

Wintermute joins the growing list of crypto firms that have lost eye-watering amounts as a result of security lapses or malfeasance. The latter is important because the crypto sector's image is now so interwoven with various schemes that are being treated by authorities as criminal in nature. Turkey recently managed to arrest the main actor behind a $2.5 billion rug-pull, and is apparently seeking to jail him for over 40,000 years. US Regulators looking into the collapse of Celsius describe it as a ponzi scheme. Meanwhile Do Kwon, the man behind the Terra ecosystem, fled to Singapore before South Korea issued a warrant for his arrest.

This is not small beer: one of the reasons the FBI's now so interested is state actors like North Korea instigating crypto hacks.

The amounts lost are in most cases obscenely large, though of course with the necessary caveat this is crypto value and not actual dollars. That doesn't mean it's all funny money though: entities like the Canadian pension fund have lost huge amounts through crypto investments. Regardless of individual hacks, the larger problem is that all the crypto claims of security, however expressed and whatever technology is involved, look evermore like bunk.

Rich Stanton

Rich is a games journalist with 15 years' experience, beginning his career on Edge magazine before working for a wide range of outlets, including Ars Technica, Eurogamer, GamesRadar+, Gamespot, the Guardian, IGN, the New Statesman, Polygon, and Vice. He was the editor of Kotaku UK, the UK arm of Kotaku, for three years before joining PC Gamer. He is the author of a Brief History of Video Games, a full history of the medium, which the Midwest Book Review described as "[a] must-read for serious minded game historians and curious video game connoisseurs alike."