Ethical Hacker Recovers $1.84M Following $2.3M Foom Cash Security Breach

Following a security vulnerability in its Groth16 verifier configuration, Foom Cash suffered losses of approximately $2.26 million, though white hat intervention successfully recovered $1.84 million of the stolen assets.

The swift action of an ethical hacker enabled a blockchain platform to reclaim the majority of assets taken during a $2.26 million security breach, underscoring the increasingly vital function ethical hackers play in responding to Web3 security incidents.

On Friday, Foom Cash, a privacy-focused, decentralized lottery platform built on zero-knowledge proof technology, fell victim to an exploit that drained $2.26 million worth of assets from the protocol.

Despite the severity of the attack, an ethical hacker's swift intervention enabled the platform to reclaim $1.84 million, representing 81% of the compromised funds, according to Foom Cash's announcement on Monday.

An anonymous white hat security researcher known by the pseudonym Duha "identified the vulnerability and moved to secure the funds on Base before malicious actors could strike, while @DecurityHQ handled the rescue operation on Ethereum," the protocol stated in an X post published on Monday.

Foom Cash announcement. Source: Foom Cash

The white hat hacker Duha received a $320,000 reward for their efforts, while cryptocurrency security firm Decurity was compensated with a $100,000 fee for their security services.

"By honoring their bug bounty policy, @foomclub_ has proven that they take protocol security seriously and value the researchers helping them," white hat hacker Duha stated in their response addressing the incident.

"Fatal deployment oversight" led to $2.2 million exploit

The $2.2 million security breach resulted from a "fatal" error during deployment, stemming from a missing command line interface (CLI) step in the "Phase 2 Trusted Setup."

"In Groth16, if you skip the circuit-specific contribution setup in snarkjs, the parameters γ (gamma) and δ (delta) remain set to the same default value (the G2 generator)," Foom explained in an X response posted on Monday.

This configuration oversight allowed the malicious actor to deceive the protocol into "accepting forged proofs because a placeholder was never randomized."

Technical explanation of the exploit. Source: Foom Cash
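
A pre-deployment check for the condition Foom describes, written here as an added example (not Foom Cash's or snarkjs's own code): it reads a verification key in the `verification_key.json` layout that snarkjs exports and flags a δ that equals γ or still sits at the BN254 G2 generator. The function names and sample keys are constructed for illustration, and points are assumed to be normalized with z = (1, 0).

```javascript
// Added example (not Foom Cash or snarkjs code): audit a Groth16 verification
// key in snarkjs's verification_key.json layout for an unrandomized delta.

// BN254 G2 generator as [[x.c0, x.c1], [y.c0, y.c1], [z.c0, z.c1]].
const G2_GENERATOR = [
  ["10857046999023057135944570762232829481370756359578518086990519993285655852781",
   "11559732032986387107991004021392285783925812861821192530917403151452391805634"],
  ["8495653923123431417604973247489272438418190587263600148770280649306958101930",
   "4082367875863433681332203403145435568316851327593401208105741076214120093531"],
  ["1", "0"],
];

// A G2 point must be three pairs of decimal strings.
const isG2 = (p) => Array.isArray(p) && p.length === 3 && p.every((c) =>
  Array.isArray(c) && c.length === 2 &&
  c.every((s) => typeof s === "string" && /^\d+$/.test(s)));

// Coordinate-wise equality; assumes both points are normalized (z = [1, 0]).
const sameG2 = (a, b) =>
  a.every((c, i) => c.every((s, j) => BigInt(s) === BigInt(b[i][j])));

function auditVerificationKey(vk) {
  const gamma = vk.vk_gamma_2, delta = vk.vk_delta_2;
  if (!isG2(gamma) || !isG2(delta)) {
    return { ok: false, findings: ["malformed-or-missing-point"] };
  }
  const findings = [];
  // The failure mode on this page: phase 2 skipped, delta left equal to gamma.
  if (sameG2(delta, gamma)) findings.push("delta-equals-gamma");
  // Generator comparison only applies on bn128, where G2_GENERATOR is valid.
  if (vk.curve === "bn128" && sameG2(delta, G2_GENERATOR)) {
    findings.push("delta-is-g2-generator");
  }
  return { ok: findings.length === 0, findings };
}

// Constructed sample keys (only the fields the audit reads).
const UNSAFE_VK = { protocol: "groth16", curve: "bn128",
  vk_gamma_2: G2_GENERATOR, vk_delta_2: G2_GENERATOR };
// Constructed placeholder coordinates, not a real curve point.
const RANDOMIZED_VK = { protocol: "groth16", curve: "bn128",
  vk_gamma_2: G2_GENERATOR,
  vk_delta_2: [["1111", "2222"], ["3333", "4444"], ["1", "0"]] };

console.log(auditVerificationKey(UNSAFE_VK));
console.log(auditVerificationKey(RANDOMIZED_VK));
```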

White hat hackers to the rescue

Ethical hacker interventions have become an increasingly common element of decentralized finance incident management, especially given that exploiters act rapidly to transfer stolen assets across blockchain networks or into privacy-enhancing tools.

During August 2023, ethical security researcher and Paradigm analyst Samczsun launched a collective of white hat hackers called SEAL (Security Alliance), which completed more than 900 hack-related investigations during its inaugural year, as reported by Cointelegraph.

The formation of this initiative occurred approximately one month following a security breach in which an attacker extracted over $230 million from WazirX, a cryptocurrency exchange based in India, marking the second-largest digital asset theft of 2024.

SEAL Whitehat Safe Harbor Agreement. Source: Security Alliance

On Feb. 10, 2026, the Ethereum Foundation joined forces with SEAL to launch a "Trillion Dollar Security" program designed to fight against cryptocurrency wallet draining attacks.
