A “whitehat” hacker prevented the theft of nearly $10 million ETH after discovering a vulnerability in an ethereum smart contract.
Blockchain security researcher and whitehat hacker samczsun published a report to Twitter detailing an operation to prevent the theft of 25,000 ETH (~$10 million). According to the report, the pseudonymous researcher was looking through ethereum smart contracts in search of vulnerabilities, when he discovered a flaw in Lien Finance’s protocol containing 25,000 ether.
Samczsun outlined how the contract contained a burn function, allowing any user to mint worthless tokens in exchange for the stored ETH.
The post reads,
After tracing the usage of this function, I discovered that it would be trivial for anyone to mint tokens to themselves for free, but then burn them in exchange for all of the Ether in the contract. My heart jumped. Suddenly, things had become serious.
The whitehat hacker attempted to contact the anonymous Lien Finance protocol’s owners before turning to ConsenSys security researcher Alexander Wade, whose company had audited the smart contract.
Wade, along with ethereum security specialist Scott Bigelow, reviewed the code for a potential fix. The team eventually joined with mining company SparkPool to move the funds into the safekeeping of a block, allowing Lien Finance to recover them in a more secure manner.