Foom Cash lost about $2.26 million in an exploit tied to a Groth16 verifier misconfiguration, but security companies flagged a $1.84 million white hat rescue.
A rapid response by a white hat hacker helped a blockchain protocol recover most of the funds stolen in a $2.26 million exploit, highlighting the growing role of ethical hackers in Web3 incident response.
Foom Cash, a decentralized, anonymous lottery protocol based on zero-knowledge proofs, was exploited for $2.26 million of funds on Friday.
However, the intervention of an ethical hacker helped the protocol recover $1.84 million, or 81% of the stolen funds, Foom Cash announced on Monday.
Pseudonymous white hat hacker, Duha, has triggered and “identified the vulnerability and moved to secure the funds on Base before malicious actors could strike, while @DecurityHQ handled the rescue operation on Ethereum,” wrote the protocol in a Monday X post.
Foom Cash awarded the white hat hacker a $320,000 bounty, while crypto security platform Decurity was awarded a $100,000 security fee.
“By honoring their bug bounty policy, @foomclub_ has proven that they take protocol security seriously and value the researchers helping them,” wrote white hat hacker Duha, in response to the incident.
Related: Suspected insider wallets rack up $1.2M betting on ZachXBT’s Axiom exposé
The $2.2 million exploit occurred due to a “fatal” deployment mistake, due to a missing command line interface (CLI) in the “Phase 2 Trusted Setup.”
“In Groth16, if you skip the circuit-specific contribution setup in snarkjs, the parameters γ (gamma) and δ (delta) remain set to the same default value (the G2 generator),” wrote Foom in a Monday X response.
This deployment error enabled the attacker to trick the protocol into “accepting orged proofs because a placeholder was never randomized.”
White hat interventions have become an increasingly common feature of DeFi incident response, particularly as exploiters move quickly to bridge funds across chains or into privacy tools.
In August 2023, white hat hacker and Paradigm researcher Samczsun established a team of ethical hackers known as SEAL (Security Alliance), surpassing 900 hack-related investigations within their first year, Cointelegraph reported.
The initiative came nearly a month after a hacker stole over $230 million from WazirX, an Indian cryptocurrency exchange, in the second-largest cryptocurrency hack of 2024.
On Feb. 10, 2026, the Ethereum Foundation partnered with SEAL to create a “Trillion Dollar Security” initiative to combat crypto wallet drainers.
