Fight Evil With Evil – Not all hackers are bad. Some are even the nemesis of their peers. A “white hat” hacker, for example, discovers and exploits flaws in a computer system in order to protect it. In this case, nearly $10 million worth of ether (ETH) was “hacked”... for a good cause.
A fatal flaw in a smart contract: 25,700 ETH at stake
The white hat hacker nicknamed “samczsun”, who made the discovery, recounts a real rescue operation for ether in a bad situation.
On September 15, samczsun discovered a vulnerability in the Profit Secret smart contract on Ethereum. Worryingly, this smart contract contained 25,700 ether, or just over $9.6 million at the time of the discovery.
Unfortunately for our benevolent hacker, Lien Finance’s development team is anonymous. He then sent an alert message on Ethereum’s Telegram channel dedicated to network security. Shortly after, Alexander Wade of ConsenSys answered him.
Afterward, the rescue team welcomed Tina Zhen from cybersecurity company CertiK. This was fortunate, since ConsenSys and CertiK are the two companies that audited the smart contract in question (but evidently without spotting the flaw).
Operation “Escaping the Dark Forest”
From there, the rescuers’ goal was to help the threatened ether “escape from the dark forest”. “Dark Forest” designates Ethereum’s mempool, a kind of buffer between the arrival of transactions on the network and their processing by miners.
If the mempool has such an ominous name, it is because it is full of automated “predatory” bots, ready to exploit loopholes in transactions.
The team then called on the SparkPool mining pool to jointly devise a way to get the 25,700 ETH directly into a block of transactions, without going through the dangerous mempool.
As shown in the screenshot below, the Lien Finance team managed to recover the $10 million worth of ether at risk. Mission accomplished for the rescuers!