Close Menu
  • Instructions
  • News
    • DeFi
    • Smart Contract
    • Markets
    • Web3
    • Adoption
    • Memecoins
    • Analysis
    • Mining
    • Scams
    • Security
  • Education
    • Learn
    • Wallets & Exchange
  • Documentaries
  • Videos
    • Alessio Rastani
    • Altcoin Buzz
    • Coin Bureau
    • Dapp University
    • DataDash
    • Digital asset News
    • EllioTrades Crypto
    • MMCrypto
    • Lark Davis
    • Ivan on Tech
    • Benjamin Cowen
  • Market
    • Crypto Market Cap
    • Heat Map
    • Converter
    • Metal Prices
    • Stock prices
  • Bonus Books
  • Tools
What's Hot

Peter Schiff Sees a New Bitcoin Regret Coming: Not Selling Above $60,000

July 15, 2026

iExec Integrates dstack

July 15, 2026

Visa, Mastercard and Ripple back x402 as agent payments average 32 cents

July 15, 2026
Facebook X (Twitter) Instagram
Recession Profit AlertsRecession Profit Alerts
  • Instructions
  • News
    • DeFi
    • Smart Contract
    • Markets
    • Web3
    • Adoption
    • Memecoins
    • Analysis
    • Mining
    • Scams
    • Security
  • Education
    • Learn
    • Wallets & Exchange
  • Documentaries
  • Videos
    • Alessio Rastani
    • Altcoin Buzz
    • Coin Bureau
    • Dapp University
    • DataDash
    • Digital asset News
    • EllioTrades Crypto
    • MMCrypto
    • Lark Davis
    • Ivan on Tech
    • Benjamin Cowen
  • Market
    • Crypto Market Cap
    • Heat Map
    • Converter
    • Metal Prices
    • Stock prices
  • Bonus Books
  • Tools
Recession Profit AlertsRecession Profit Alerts
Home»Security»HermesVault Shuts Down After $29K ALGO Hack Exploiting Withdrawal Logic Flaw
Security

HermesVault Shuts Down After $29K ALGO Hack Exploiting Withdrawal Logic Flaw

May 21, 2026No Comments3 Mins Read

Algorand-based privacy protocol HermesVault has permanently shut down operations after a security breach resulted in the theft of approximately 261,000 $ALGO tokens, valued at roughly $29,466 at the time of the incident. The news was confirmed by lead protocol engineer Giulio Pizzini in a post on X, detailing the technical nature of the exploit.

Technical Flaw in Withdrawal Verification

According to Pizzini, the zero-knowledge (zk) circuit at the core of HermesVault’s privacy mechanism remained secure. However, the vulnerability was found in the key reset defense logic within the withdrawal verification script. This flaw allowed the attacker to bypass the zk verification process entirely and withdraw funds without proper authorization.

Pizzini stated that the vulnerability has since been patched, and a significant portion of the stolen funds — 230,000 $ALGO — has already been returned to the project. The remaining 30,000 $ALGO is still unaccounted for, but the team has initiated a refund process for affected users.

Refund Process for Victims

Victims who lost funds in the remaining 30,000 $ALGO theft are eligible for a full refund. To claim compensation, users must prove ownership of their affected address and provide a secret note associated with their transaction. The team has not disclosed a specific deadline for refund claims but urged users to act promptly.

Implications for Privacy Protocols

The HermesVault incident underscores the complexity of securing privacy-focused DeFi protocols. While zero-knowledge proofs are widely regarded as robust, implementation errors in surrounding logic — such as withdrawal scripts — can still expose critical vulnerabilities. This case serves as a reminder that even well-audited zk-based systems require comprehensive security reviews of all auxiliary components.

See also  $2.4M exploit triggers EMURGO’s Cardano Pentad withdrawal

For the Algorand ecosystem, the shutdown of a notable privacy protocol may raise questions about the long-term viability of privacy solutions on the network, especially as regulatory scrutiny around anonymous transactions intensifies globally.

Conclusion

HermesVault’s closure following the $29K $ALGO hack highlights the ongoing security challenges in decentralized finance. While the team acted swiftly to patch the flaw and initiate refunds, the incident has permanently ended the protocol’s operations. Users with affected funds are encouraged to follow the official refund process to recover their assets.

FAQs

Q1: What caused the HermesVault hack?
The hack exploited a flaw in the key reset defense logic of the withdrawal verification script, not the zero-knowledge circuit itself. This allowed the attacker to bypass zk verification and withdraw funds.

Q2: How much was stolen, and how much has been refunded?
Approximately 261,000 $ALGO ($29,466) was stolen. Of that, 230,000 $ALGO has been refunded, leaving 30,000 $ALGO still outstanding.

Q3: How can victims claim a refund for the remaining stolen $ALGO?
Victims must prove ownership of their affected address and provide a secret note associated with their transaction to receive a full refund.

Source link

29K ALGO exploiting flaw hack HermesVault Logic shuts withdrawal

Related Posts

iExec Integrates dstack

July 15, 2026

High NA EUV reaches new readiness milestone with first high-volume Logic product

July 15, 2026

How a DAO lost $20 million in one proposal

July 15, 2026

Humanity Protocol to prioritize operational security following $36M hack

July 14, 2026
Top Posts

CBDC lays foundation for new global monetary system: French central bank

October 4, 2023

North Korean Hackers Stole $600m in Crypto in 2023

March 16, 2026

Bitcoin miners’ AI pivot draws billion-dollar Wall Street bets

March 6, 2026

Type above and press Enter to search. Press Esc to cancel.