Wintermute Profanity Exploit
Wintermute lost $160M from a hot wallet whose Profanity-generated vanity address used a 32-bit PRNG seed that let any 'random' key be brute-forced. They knew.
- Date
- Victim: Wintermute
- Chain(s)
- Status
- Funds Stolen
On September 20, 2022, the London-based market maker Wintermute was drained for approximately $160 million from a DeFi hot wallet whose address had been generated by Profanity, a popular Ethereum vanity-address generator that turned out to use a critically weak random-number source.
What happened
The Profanity tool let users generate Ethereum addresses with custom prefixes or suffixes (0x0000…, 0xWINT…, etc.). To do this efficiently it brute-forced private keys until one produced an address with the desired pattern.
The fatal flaw: Profanity seeded its PRNG with a 32-bit integer — a key space of only ~4 billion possible seeds. An attacker with modest GPU resources could enumerate the entire seed space in days and reconstruct every private key Profanity had ever produced. The vulnerability had been publicly disclosed by 1inch roughly one week before the Wintermute incident.
Wintermute saw the disclosure and acted on it — they withdrew all ETH from the affected hot wallet. What they failed to do was remove that address's administrator role from their DeFi vault contract. When the attacker eventually brute-forced the Profanity-generated private key for that wallet, they used the still-active admin role to drain $160M in tokens directly from the vault.
Aftermath
- Wintermute offered the attacker a 10% white-hat bounty, which was declined; funds were sent to Tornado Cash.
- CEO Evgeny Gaevoy disclosed that the firm remained solvent with ~$320M in equity after the loss.
- Profanity was deprecated and warnings were issued for every address that had been generated with it — many of which were later drained by separate operators using the same technique.
Why it matters
Wintermute is the textbook case for post-incident cleanup discipline: knowing a key may be compromised is not enough; every system, contract and role that key ever touched must be revoked, not just emptied. The same lesson recurs in different forms — a stolen admin key on an upgradeable contract (PlayDapp), an unrotated signing role after a vendor breach — every time a security incident's remediation is half-finished.
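The cleanup check described above can be automated. The following is an added example, not code from Wintermute or from the sources: it replays role grant and revoke events and lists every privilege a compromised key still holds, flagging the case where the wallet was emptied but the role was left active. The addresses, contract names and roles are constructed, and the event names are modelled on OpenZeppelin AccessControl as an assumption about the contracts in use.

```python
from collections import defaultdict

# Constructed sample data: addresses, contract names and roles are placeholders.
HOT_WALLET = "0x" + "0" * 8 + "a" * 32
MULTISIG = "0x" + "b" * 40
COMPROMISED = {HOT_WALLET}

# (block, log_index, contract, event, role, account). Event names follow
# OpenZeppelin AccessControl, an assumption about the contracts in use.
EVENTS = [
    (100, 0, "vault", "RoleGranted", "ADMIN", HOT_WALLET),
    (100, 1, "vault", "RoleGranted", "ADMIN", MULTISIG),
    (120, 0, "router", "RoleGranted", "OPERATOR", "0x" + "0" * 8 + "A" * 32),
    (200, 3, "router", "RoleRevoked", "OPERATOR", HOT_WALLET),
    (210, 0, "treasury", "RoleGranted", "WITHDRAWER", HOT_WALLET),
    (220, 0, "treasury", "RoleRevoked", "WITHDRAWER", HOT_WALLET),
    (230, 0, "treasury", "RoleGranted", "WITHDRAWER", HOT_WALLET),  # re-granted later
]
BALANCES_WEI = {HOT_WALLET: 0, MULTISIG: 5 * 10**18}  # hot wallet already emptied


def active_roles(events):
    """Replay grant/revoke events in chain order; return account -> {(contract, role)}."""
    active = defaultdict(set)
    for _blk, _idx, contract, event, role, account in sorted(events):
        grants = active[account.lower()]  # addresses compare case-insensitively
        if event == "RoleGranted":
            grants.add((contract, role))
        elif event == "RoleRevoked":
            grants.discard((contract, role))
    return active


def unrevoked(compromised, events, balances):
    """List every privilege a compromised key still holds, emptied wallet or not."""
    active = active_roles(events)
    findings = []
    for addr in sorted(a.lower() for a in compromised):
        for contract, role in sorted(active.get(addr, ())):
            findings.append({
                "account": addr, "contract": contract, "role": role,
                # An empty wallet with a live role is the half-finished remediation case.
                "emptied_but_privileged": balances.get(addr, 0) == 0,
            })
    return findings


if __name__ == "__main__":
    for finding in unrevoked(COMPROMISED, EVENTS, BALANCES_WEI):
        print(finding)
```

Remediation is complete only when this list is empty for every address in the compromised set, regardless of what balance the address holds.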