29. September 2020

Pirates save $10 million in ethers from inevitable loss

– Not all hackers are evil. Some are even the Nemesis of their peers. As proof, a white hat discovers and exploits flaws in a computer system in order to protect it. In this case, nearly 10 million dollars worth of ethers (ETH) have been „hacked“… for a good cause.
It’s a real operation of computer rescue of ethers in bad situation that the hacker white hat nicknamed “ samczsun „, at the origin of the discovery, tells us.

On September 15th, samczsun discovered a vulnerability in the smart contract Finance link on Ethereum. Worrying fact: this smart contract contained 25,700 ethers, or a little more than 9.6 million dollars at the time of its discovery.

Unlucky for our hacker benefactor, the development team of Lien Finance is anonymous. He then sent an alert message on Ethereum’s Telegram channel dedicated to network security. Shortly after, Alexander Wade from ConsenSys replied.

Subsequently, the rescue team welcomed Tina Zhen from the cyber security company CertiK. This was a good timing since ConsenSys and CertiK are the 2 companies that audited the incriminated smart contract (but obviously without having spotted the flaw).

Operation “ Escaping the Dark Forest“

From there, the aim of the rescuers was to make “ escape from the dark forest „ the threatened ethers. Dark Forest refers to Ethereum’s mempool, a kind of buffer between the arrival of transactions on the network and their processing by the miners.

If this area of the mempool is called so strong>, it is because it is full of automated predatory bots, ready to exploit loopholes in the transactions.

The team then called upon the SparkPool mining pool to concoct together a way to get the 25,700 ETH directly into a block of transactions, without going through the dangerous mempool.

As shown in the screenshot below, the Lien Finance team managed to recover the 10 million dollars of ethers at risk. Mission accomplished for the rescuers!

This story is the proof that, even audited by renowned companies, smart contracts can unfortunately contain very dangerous loopholes. Something to meditate on carefully in the current madness of decentralised finance. Fortunately, this time the pirates were on the right side of the fence.