Cyber sleuths allege $160M Wintermute hack was an inside job

A new crypto conspiracy theory is emerging, this time related to last week’s $160 million hack of algorithmic market maker Wintermute, which one crypto sleuth claims was an “inside job.”

Cointelegraph reported on September 20 that a hacker exploited a bug in Wintermute’s smart contract that allowed them to swipe more than 70 different tokens, including $61.4 million in USDC, $29.5 million in Tether (USDT), and 671 wrapped Bitcoin (wBTC) worth about $13 million at the time.

In a September 26 analysis of the hack posted on Medium, an author known as librehash points to the way Wintermute’s smart contracts were interacted with and ultimately used, suggesting that the hack was carried out internally:

“The related transactions initiated by the EOA [externally owned address] make it clear that the hacker is probably an internal member of the Wintermute team.”

The author of the analysis, also known as James Edwards, is not a well-known cybersecurity researcher or analyst. The analysis was originally posted on Medium, but has yet to receive any response from Wintermute or other cybersecurity analysts.

In the post, Edwards noted that the current theory is that the EOA that called the “cracked” Wintermute smart contract was itself compromised through the team’s use of a faulty online vanity address generator tool.

“The idea is that by recovering the private key for that EOA, the attacker is able to make a call on the Wintermute smart contract, which is assumed to have administrator access,” he said.

Edwards went on to say that there is no “encrypted, verifiable code” for the Wintermute smart contract in question, making it difficult for the public to confirm the current hacker theory, while also raising transparency concerns.

“This is a transparency issue on behalf of the project itself. Any smart contract that is responsible for user/client fund management on the blockchain is expected to be publicly verifiable to allow the public to inspect and audit the unverified Solidity code,” he wrote.

Edwards then went into a deeper analysis of the smart contract code itself, and said the code did not match what had been described as the cause of the hack.


Another point he questioned was a separate transfer that occurred during the hack, which “shows the transfer of 13.48M USDT from the Wintermute smart contract address to the 0x0248 smart contract (created and controlled by the Wintermute hacker).”

Edwards highlighted Etherscan transaction history allegedly showing that Wintermute transferred more than $13 million worth of Tether (USDT) from two different exchanges to the compromised smart contract.

“Why would the team send $13 million worth of money to a contract they knew was broken? From two different exchanges?” he asked via Twitter.

His theory, however, has yet to be confirmed by other blockchain security experts, although following last week’s hack, there were some claims in the community that it might have been an inside job.

In an update on the hack posted to Twitter on September 21, Wintermute said it was “very sad and painful” but that the rest of its business had not been affected and that it would continue to serve its partners.

“The hack was isolated to our DeFi smart contract and did not affect any of Wintermute’s internal systems. No third party or Wintermute data is affected.”

Cointelegraph reached out to Wintermute for comment on the matter but did not receive an immediate response at the time of publication.