- Whitehat hacker saves 25,000 ETH from theft
- Samczsun identified a $10 million security flaw in the Lien Finance protocol
- ConsenSys teams up with Samczsun to save the day
A pseudonymous hacker prevented a $10 million Ethereum heist after uncovering a vulnerability in an ETH smart contract. Whitehat hacker samczsun, who specializes in blockchain security research, posted a report on his webpage explaining the details of the procedure he used to prevent 25,000 ETH, worth about $10 million, from being stolen.
$10 million Ethereum heist averted
According to the blockchain security researcher, he was browsing Ethereum smart contracts looking for security risks. In the process, he identified a flaw in Lien Finance's protocol, which held ether worth $10 million. In his report, samczsun notes that the contract included a burn function that allowed any user to exchange worthless tokens they had created for the ether held in the contract.
“After tracing the usage of this function, I discovered that it would be trivial for anyone to mint tokens to themselves for free, but then burn them in exchange for all of the Ether in the contract. My heart jumped. Suddenly, things had become serious.”
After that discovery, the blockchain security expert tried to reach the unknown owner of the Lien Finance protocol. However, he was careful not to leak information about the potential $10 million Ethereum heist to the wrong people, which would have placed the funds in jeopardy. While going through the website, samczsun noted that the developers of the smart contract had worked with ConsenSys Diligence, and he immediately reached out to Maurelian, the co-founder of ConsenSys, but could not get him on Telegram.
$10 million rescue mission
After a while, the whitehat hacker decided to contact the ConsenSys security team on Telegram, and fortunately, the firm's security research expert, Alex Wade, was up late that night. Wade teamed up with Ethereum security expert Scott Bigelow and examined the code for possible solutions. The security experts transferred the funds to the mining firm Sparkpool for custody, enabling Lien Finance to reclaim them after fixing the security flaw.