A whitehat hacker saved $10 million of ETH coins after discovering a vulnerability in an Ethereum smart contract which put the entire network at risk as we are reading more in the latest Ethereum news.
The whitehat hacker saved $10 million of ETH which were put at risk in a smart contract vulnerability, as the rescue team managed to organize and bring the funds to safety. The efforts of the team united many security experts and miners from across the world. the blockchain researcher and whitehat hacker is known as samczsun published a detailed analysis of the undercover operation which resulted in the rescue of 25,000 ETH and the funds were saved from a vulnerable ETH smart contract.
How do you rescue 10 million dollars from a vulnerable smart contract without letting attackers know it’s there? Last Tuesday, @epheph, @sparkpool_eth, @tzhen, @wadealexc, and I found out.https://t.co/WOjO651VIw
— samczsun (@samczsun) September 24, 2020
The hacker was looking through an Ethereum smart contract in search of vulnerabilities and he eventually discovered what later turned out to be a part of Lien finance’s protocol or a smart contract that contained more than 25,000 ETH. According to the post, the smart contract contained a burn function which allowed the users to mint themselves plenty of valueless tokens and exchange them for all the ETH stored on the contract. This way they were able to get away with a cache worth more than $10 million so that’s when Samczsun decided to intervene.
Since Lien Finance’s team was anonymous, the whitehat hacker went through a lot of potential connections, and even Alexander Wade, the security researcher at ConsenSys, and ETH specialist Scott Bigelow joined the operation. There were two ways that the situation could have been resolved. Lien Finance could have disclosed the vulnerability but it would have created an open gate for hackers to steal the funds by placing a free money sign. Or the team could have exploited the smart contract and return the funds to the owners. This however would have attracted the generalized frontrunner bots and predators of the ETH mempool.
The mempool referred to as “ETH Dark Forse” is a special place where transactions congregate before they end up accepted by the miners to be included in the next block. This area is patrolled by bots that are looking for exploitable transactions to steal. These bots could copy transactions in the mempool replace it with new addresses and make sure that the copycats get picked by the miners first. This means that a $10 million stack of funds could be easily stolen in a few seconds so secrecy is essential.
With the help of Tina Zhen, the team managed to reach Lien Finance and spent hours developing a solution or a “Whitehat API” which allowed the miners to pick up a transaction without displaying it in the mempool.