According to the head of information security at Polygon, Mudit Gupta, the unknown attacker who stole $160 million from market maker Wintermute exploited a vulnerability in the Profanity tool.
The Profanity tool allows users to generate human-readable Ethereum addresses containing words, names, or phrases. Work on the tool was abandoned several years ago, but the wallets created with it are still functioning.
The Wintermute asset theft incident happened on September 20. The market maker retained solvency.
The Platform CEO Evgeny Gaevoy has emphasized the attack was aimed at DeFi operations.