$10 Million Ethereum Vulnerability Patched by Whitehat Hacker

  • A whitehat hacker saved 25,000 ETH from potentially being stolen after finding a serious flaw in the Lien Finance Ethereum smart contract.
  • Samczsun worked with smart contract auditors ConsenSys to execute the vulnerability and return the ETH to Lien Finance.
  • The event is a reminder that even audited smart contracts can have bugs.

An ethical hacker has fixed a vulnerability in an Ethereum smart contract that could have netted him some $10 million. The hacker, who goes by the name samczsun, posted an explanation on his blog of how he came across the vulnerability in the Lien Finance protocol and, in tandem with ConsenSys, patched it. Less scrupulous individuals could have used it to take 25,000 ETH off the platform.

Ethereum Wallet Presented “Juicy Payday”

samczsun begins his story by saying that on September 15 he was preparing to go to bed when he decided to “take another look at some smart contracts”. One of these belonged to Ethereum-based DeFi lending platform Lien Finance, and samczsun noticed that it contained 25,000 ETH – “a very juicy payday for anyone who managed to find a bug in its logic.” And so he set about doing just that.

It didn’t take him long to track down something in the code that he could exploit:

I discovered that it would be trivial for anyone to mint tokens to themselves for free, but then burn them in exchange for all of the Ethereum in the contract. My heart jumped. Suddenly, things had become serious.

Running the Exploit

After speaking to an Ethereum security expert, it became clear that there were two options: exploit the issue themselves and risk getting front-run and losing the ETH, or tell Lien and ask them to go public and have users withdraw funds, causing a PR nightmare and risking hackers sniffing out what was going on.

Eventually, after debating the issue with the ConsenSys security team, it was decided to execute the vulnerability and run the ETH through a friendly Ethereum mining pool. The group enlisted the help of Sparkpool and, having got all the reassurances they could, executed the hack on the $10 million Ethereum wallet.

Thankfully the execution went as planned with no frontrunning, and the ETH went through to Sparkpool and then back into Lien’s wallet. They patched the code and, after seven hours of hard work, unbearable tension, and lots of coffee, crisis was averted.

Even Audited Smart Contracts Carry Risks

This is one of the stories of an Ethereum DeFi hack with a happy ending, which are sadly all too few. Despite the fact that the 25,000 ETH eventually ended up in the right hands, it is nevertheless worrying that the code had been audited by ConsenSys and CertiK prior to samczsun’s discovery.

This fact, and the story as a whole, is a stark reminder of the dangers that lurk in the DeFi space, and that any money you invest is at risk, audit or no audit.