{"id":496534,"date":"2022-09-28T05:26:38","date_gmt":"2022-09-28T02:26:38","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/wintermute-inside-job-theory-not-convincing-enough-blocksec\/"},"modified":"2022-09-28T05:26:38","modified_gmt":"2022-09-28T02:26:38","slug":"wintermute-inside-job-theory-not-convincing-enough-blocksec","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/wintermute-inside-job-theory-not-convincing-enough-blocksec\/","title":{"rendered":"# Wintermute inside job theory &#8216;not convincing enough&#8217; \u2014BlockSec"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a26bb6da7f76\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a26bb6da7f76\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/wintermute-inside-job-theory-not-convincing-enough-blocksec\/#%E2%80%9D_Wintermute_inside_job_theory_%E2%80%98not_convincing_enough_%E2%80%94BlockSec_%E2%80%9C\" >&#8221; Wintermute inside job theory &#8216;not convincing enough&#8217; \u2014BlockSec &#8220;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Wintermute_inside_job_theory_%E2%80%98not_convincing_enough_%E2%80%94BlockSec_%E2%80%9C\"><\/span>&#8221; Wintermute inside job theory &#8216;not convincing enough&#8217; \u2014BlockSec &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div class=\"post-content\" data-v-6ebd806f>Blockchain security firm BlockSec has debunked a conspiracy theory alleging the $160 million Wintermute hack was an inside job, noting that the evidence used for allegations is \u201cnot convincing enough.&#8221;<\/p>\n<p>Earlier this week cyber sleuth James Edwards published a report alleging that the Wintermute smart contract exploit was likely conducted by someone with inside knowledge of the firm, questioning activity relating to the compromised smart contract and two stablecoin transactions in particular. <\/p>\n<p>BlockSec has since <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/blocksecteam.medium.com\/our-short-analysis-of-the-accusation-of-the-wintermute-project-dbde1ed11ef8\">gone<\/a> over the claims in a Wednesday post on Medium, suggesting that the \u201caccusation of the Wintermute project is not as solid as the author claimed,\u201d adding in a Tweet:<\/p>\n<blockquote><p>\u201cOur analysis shows that the report is not convincing enough to accuse the Wintermute project.<\/p><\/blockquote>\n<p>In Edward\u2019s original post, he essentially drew attention as to how the hacker was able to enact so much carnage on the exploited Wintermute smart contract that \u201csupposedly had admin access,\u201d despite showing no evidence of having admin capabilities during his analysis. <\/p>\n<p>BlockSec however promptly debunked the claims, as it outlined that \u201cthe report just looked up the current state of the account in the m<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ing variable _setCommonAdmin, however, it is not reasonable because the project may take actions to revoke the admin privilege after knowing the attack.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Our short analysis of the Accusation of the Wintermute Project: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/6Lw6FjUrLp\">https:\/\/t.co\/6Lw6FjUrLp<\/a><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/wintermute_t?ref_src=twsrc%5Etfw\">@wintermute_t<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/EvgenyGaevoy?ref_src=twsrc%5Etfw\">@evgenygaevoy<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/librehash?ref_src=twsrc%5Etfw\">@librehash<\/a>  <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/WuBlockchain?ref_src=twsrc%5Etfw\">@WuBlockchain<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/bantg?ref_src=twsrc%5Etfw\">@bantg<\/a><\/p>\n<p>Our analysis shows that the report is not convincing enough to accuse the Wintermute project.<\/p>\n<p>\u2014 BlockSec (@BlockSecTeam) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/BlockSecTeam\/status\/1574738202744655872?ref_src=twsrc%5Etfw\">September 27, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>It pointed to Etherscan transaction details which showed that Wintermute had removed admin privileges once it became aware of the hack. <\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2022-09\/127fac0a-d42f-4b96-a740-6dd10fd8ba0a.png\"><figcaption style=\"text-align: center;\"><em>BlockSec report: Medium<\/em><\/figcaption><\/figure>\n<p>Edwards also questioned the reasons why Wintermute had $13 million worth of Tether (USDT) transferred from two or their accounts on two different exchanges to their smart contract just two minutes after it was compromised, suggesting it was foul play.<\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>Tribe DAO votes in favor of repaying victims of $80M Rari hack<\/em><\/strong><\/p>\n<p>Addressing this, BlockSec argued that this is not as suspicious as it appears, as the hacker could have been monitoring Wintermute transferring transactions, possibly via bots, to swoop in there.<\/p>\n<blockquote><p>\u201cHowever, it is not as plausible as it claimed. The attacker could monitor the activity of the transferring transactions to achieve the goal. It is not quite weird from a technical point of view. For example, there exist some on-chain MEV-bots which continuously monitor the transactions to make profits.\u201d<\/p><\/blockquote>\n<p>As previously stated in Cointelegraph\u2019s first article on the matter, Wintermute has strongly refuted Edwards claims, and has asserted that his methodology is full of inaccuracies.<\/p>\n<p><template data-name=\"subscription_form\" data-type=\"markets_outlook\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/wintermute-inside-job-theory-not-convincing-enough-blocksec\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Wintermute inside job theory &#8216;not convincing enough&#8217; \u2014BlockSec &#8220; Blockchain security firm BlockSec has debunked a conspiracy theory alleging the $160 million Wintermute hack was an inside job, noting that the evidence used for allegations is \u201cnot convincing enough.&#8221; Earlier this week cyber sleuth James Edwards published a report alleging that the Wintermute smart&#8230;<\/p>\n","protected":false},"author":1,"featured_media":496535,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDkvM2I1NTdiOGItYzVjYS00MjFmLThjMmQtOGQ1OTk5YWZkNGM3LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74868,74882,75434,70944],"class_list":["post-496534","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-defi","tag-hacks","tag-smart-contracts","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/496534","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=496534"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/496534\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/496535"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=496534"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=496534"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=496534"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}