War with bots and collusion with the mining pool. How a hacker saved 25,000 Ethereum

War with bots and collusion with the mining pool. How a hacker saved 25,000 Ethereum


A blockchain expert found a vulnerability in the Lien Finance application code that allowed anyone to embezzle $10 million in ETH. To save money, it took a combination of developers from different companies, writing two programs and complete secrecy

Blockchain platform security researcher and samczsun hacker helped DeFi save $10 million in Ethereum, he said on his blog. In mid-September, the expert looked for vulnerabilities among the applications of the decentralized finance sector and found such a project in Lien Finance. One of his protocols contained 25,000 ETH coins that anyone could pick up.

The expert explained that the smart contract on which the cryptocurrency was blocked had an incorrectly prescribed burning function. Any user could issue worthless tokens and exchange them for Ethereum coins mixed in the protocol. Samczsun decided to prevent the theft of cryptocurrency, but there were a number of difficulties.

First, the Lien Finance team is anonymous. Accordingly, there was no one to report the discovery of the vulnerability. In addition, it was not possible to report it publicly, as it would probably lead to the theft of Ethereum. For these reasons, the hacker teamed up with Alexander Wadey, a researcher at ConsenSys, who audited Lien Finance protocols, and Ethereum security specialist Scott Bigelow.

Together, the experts had to solve the second problem. Initially, they were going to take advantage of the vulnerability and withdraw the coins, and then hand them over to the rightful owners. But it was impossible to act because of the "frontrunners." These are special trading bots operating in the Ethereum network. They look for blockchain transactions that will benefit users and then duplicate those transactions, but offer a higher commission to get into the block first.

Therefore, it was extremely important to keep the upcoming operation to save 25,000 Ethereum coins a secret. To achieve this, a team of hackers and other experts turned to the SparkPool mining pool. Together, the experts developed an algorithm that would allow miners to accept transactions from the hacker so that they do not appear on the Ethereum network and, accordingly, could not be intercepted by frontrunner bots.

At the same time, the hacker managed to get in touch with CertiK, which also audited the Lien Finance protocol. This made contact with the project developers and they were alerted to the upcoming operation. In the end, it went like this.

"Team of Saviors" wrote an algorithm that should create 30,000 SBT and LBT tokens and, after their release, transfer to the wallet of the developers of the Lien Finance project. This algorithm was initiated in the Ethereum network, and now the transaction in private must be processed by the miners of the SparkPool pool. If the operation had been seen by "frontrunners," they would have received $10 million in ETH.

That didn't happen. The transaction went unnoticed and was successful. As a result, developers from Lien Finance received SBT and LBT tokens, which were subsequently exchanged for 25,000 Ethereum. This operation was recorded by a blockchain browser etherscan.io.

In July, an unknown hacker earned almost $500,000 in cryptocurrency during the token of the coin B'RX. He made a spam attack on the Ethereum blockchain to buy the cryptocurrency first and then sell it to other traders who tried to participate in the sale of coins, but were unable to do so because of the overload of the network.

Comments

Popular posts from this blog

Bitcoin will not be able to repeat the 2017 rally. Analysts are sure of that.

"Investors need a minimum." When Bitcoin Will Begin Recovery