A white hat hacker helped Foom Cash recover most of the funds stolen in a $2.26 million exploit, underscoring the growing role of ethical hackers in Web3 incident response.
Foom Cash, a decentralized, anonymous lottery protocol based on zero-knowledge proofs, was exploited for $2.26 million in funds.
The intervention of an ethical hacker helped the protocol recover $1.84 million, or 81% of the stolen funds, Foom Cash announced on Monday.
Pseudonymous white hat hacker Duha identified the vulnerability and secured funds on Base before malicious actors could exploit them, while Decurity handled recovery efforts on Ethereum, the protocol said in a Monday post on X.
Foom Cash awarded the white hat hacker a $320,000 bounty, while crypto security platform Decurity was awarded a $100,000 security fee.
”By honoring their bug bounty policy, @foomclub_ has proven that they take protocol security seriously and value the researchers helping them,” wrote white hat hacker Duha, in response to the incident.
Related: Suspected insider wallets rack up $1.2M betting on ZachXBT’s Axiom exposé
”Fatal deployment oversight” led to $2.2 million exploit
The $2.26 million exploit stemmed from a “fatal” deployment error involving a missing command-line interface (CLI) step during the Phase 2 trusted setup process.
”In Groth16, if you skip the circuit-specific contribution setup in snarkjs, the parameters γ (gamma) and δ (delta) remain set to the same default value (the G2 generator),” wrote Foom in a Monday X response.
This deployment error enabled the attacker to trick the protocol into ”accepting forged proofs because a placeholder was never randomized.”
White hat hackers to the rescue
White hat interventions have become an increasingly common feature of DeFi incident response, particularly as exploiters move quickly to bridge funds across chains or into privacy tools.
In August 2023, white hat hacker and Paradigm researcher Samczsun established a team of ethical hackers known as SEAL (Security Alliance), surpassing 900 hack-related investigations within their first year, Cointelegraph reported.
The initiative came nearly a month after a hacker stole over $230 million from WazirX, an Indian cryptocurrency exchange, in the second-largest cryptocurrency hack of 2024.
On Feb. 10, 2026, the Ethereum Foundation partnered with SEAL to create a ”Trillion Dollar Security” initiative to combat crypto wallet drainers.
Magazine: Inside a 30,000 phone bot farm stealing crypto airdrops from real users
