Wintermute: Compromised Admin Private Key via Profanity Vanity Address Vulnerability (Off-chain key compromise → on-chain drain)
Wintermute's $160M DeFi vault was drained because their admin key was a "vanity address" generated by a tool with a known cryptographic weakness — which Wintermute knew about, partially patched, but fatally failed to fully revoke from their vault contract.
Summary #
Wintermute suffered a Market Maker / DeFi Vault Infrastructure on 2022-09-20, resulting in a loss of approximately $160M.
What happened #
Wintermute's $160M DeFi vault was drained because their admin key was a "vanity address" generated by a tool with a known cryptographic weakness — which Wintermute knew about, partially patched, but fatally failed to fully revoke from their vault contract.
Linked factors #
No evidence factors are explicitly linked to this incident.