A white hat hacker helped Foom Cash recover most of the funds stolen in a $2.26 million exploit, highlighting the growing role of ethical hackers in responding to Web3 incidents.
Foom Cash, a decentralized and anonymous lottery protocol based on zero-knowledge proofs, was exploited for $2.26 million.
Foom Cash announced on Monday that the intervention of an ethical hacker helped the protocol recover $1.84 million, or 81% of the stolen funds.
A white hat hacker known by the alias Duha discovered the vulnerabilities and secured funds on Base before malicious actors could exploit them, while Decurity managed recovery efforts on Ethereum, the protocol said in a Monday post on X.

Foom Cash awarded the white hat hacker $320,000, while crypto security platform Decurity was awarded a $100,000 security fee.
“By honoring their bug bounty policy, @foomclub_ has proven that they take protocol security seriously and value the researchers who help them,” white hat hacker Duha wrote in response to the incident.
“Deadly deployment control” led to a $2.2 million exploit
The $2.26 million exploit stemmed from a “fatal” deployment bug: a command-line interface (CLI) step was missed during the Phase 2 trusted setup process.
“In Groth16, if you bypass the circuit-specific input settings in snarkjs, the γ (gamma) and δ (delta) parameters are set to the same default value (G2 generator),” Foom wrote in a Monday response on X.
This deployment error allowed an attacker to trick the protocol into “accepting fake arguments because the placement was never random.”
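
The condition Foom describes can be checked on a verification key before a verifier is deployed. The following is an added example, not code from Foom Cash or snarkjs: it assumes the key uses the `protocol`, `vk_gamma_2` and `vk_delta_2` fields of the Groth16 `verification_key.json` that snarkjs exports, and the sample keys use constructed placeholder coordinates rather than real curve points.

```javascript
// Added example: flag a Groth16 verification key whose delta still equals gamma.

// Turn a G2 point [[x0,x1],[y0,y1],[z0,z1]] of numeric strings into a canonical
// string so that formatting differences (leading zeros, hex) cannot hide equality.
function canonG2(pt, name) {
  const shapeOk = Array.isArray(pt) && pt.length === 3 &&
    pt.every((c) => Array.isArray(c) && c.length === 2);
  if (!shapeOk) throw new Error(`${name}: expected 3 coordinates of 2 limbs`);
  const limbs = pt.map((c) => c.map((v) => BigInt(v)));
  // Exported points are affine with z = (1, 0); refuse anything else.
  if (limbs[2][0] !== 1n || limbs[2][1] !== 0n) {
    throw new Error(`${name}: point is not normalized (z != 1)`);
  }
  return limbs.slice(0, 2).flat().join(",");
}

// Returns { ok, findings } for a parsed verification key object.
function checkGroth16Vkey(vkey) {
  const findings = [];
  if (vkey.protocol !== "groth16") {
    findings.push(`unexpected protocol: ${vkey.protocol}`);
  }
  const gamma = canonG2(vkey.vk_gamma_2, "vk_gamma_2");
  const delta = canonG2(vkey.vk_delta_2, "vk_delta_2");
  if (gamma === delta) {
    findings.push("vk_delta_2 equals vk_gamma_2: Phase 2 contribution appears to be missing");
  }
  return { ok: findings.length === 0, findings };
}

// Constructed sample keys with placeholder coordinates (not real curve points).
const SAMPLE_GAMMA = [["11", "12"], ["13", "14"], ["1", "0"]];
const skippedPhase2 = {
  protocol: "groth16",
  vk_gamma_2: SAMPLE_GAMMA,
  vk_delta_2: [["011", "0xc"], ["13", "14"], ["1", "0"]], // same point, different text
};
const contributed = {
  protocol: "groth16",
  vk_gamma_2: SAMPLE_GAMMA,
  vk_delta_2: [["21", "22"], ["23", "24"], ["1", "0"]],
};

console.log(checkGroth16Vkey(skippedPhase2));
console.log(checkGroth16Vkey(contributed));
```

Run as a release gate, a non-empty `findings` list should block deployment of the verifier built from that key.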

White hat hackers to the rescue
White hat intervention has become an increasingly common feature of the response to DeFi incidents, especially when exploiters quickly move funds across chains or through privacy tools.
In August 2023, white hat hackers and Paradigm researcher samczsun founded a group of ethical hackers known as SEAL (Security Alliance), which carried out more than 900 hacking investigations during its first year, Cointelegraph reported.
The initiative comes about a month after a hacker stole more than $230 million from WazirX, an Indian cryptocurrency exchange, in the second-largest cryptocurrency hack of 2024.

On February 10, 2026, the Ethereum Foundation partnered with SEAL to create a “Trillion Dollar Security” initiative to combat crypto wallet drainers.