A rapid response by a white hat hacker helped a blockchain protocol recover most of the funds stolen in a $2.26 million exploit, highlighting the growing role of ethical hackers in Web3 incident response.
Foom Cash, a decentralized, anonymous lottery protocol based on zero-knowledge proofs, was exploited for $2.26 million of funds on Friday.
However, the intervention of an ethical hacker helped the protocol recover $1.84 million, or 81% of the stolen funds, Foom Cash announced on Monday.
Pseudonymous white hat hacker, Duha, has triggered and ”identified the vulnerability and moved to secure the funds on Base before malicious actors could strike, while @DecurityHQ handled the rescue operation on Ethereum,” wrote the protocol in a Monday X post.
Source: Foom Cash
Foom Cash awarded the white hat hacker a $320,000 bounty, while crypto security platform Decurity was awarded a $100,000 security fee.
”By honoring their bug bounty policy, @foomclub_ has proven that they take protocol security seriously and value the researchers helping them,” wrote white hat hacker Duha, in response to the incident.
Related: Suspected insider wallets rack up $1.2M betting on ZachXBT’s Axiom exposé
”Fatal deployment oversight” led to $2.2 million exploit
The $2.2 million exploit occurred due to a ”fatal” deployment mistake, due to a missing command line interface (CLI) in the ”Phase 2 Trusted Setup.”
”In Groth16, if you skip the circuit-specific contribution setup in snarkjs, the parameters γ (gamma) and δ (delta) remain set to the same default value (the G2 generator),” wrote Foom in a Monday X response.
This deployment error enabled the attacker to trick the protocol into ”accepting orged proofs because a placeholder was never randomized.”
White hat hackers to the rescue
White hat interventions have become an increasingly common feature of DeFi incident response, particularly as exploiters move quickly to bridge funds across chains or into privacy tools.
In August 2023, white hat hacker and Paradigm researcher Samczsun established a team of ethical hackers known as SEAL (Security Alliance), surpassing 900 hack-related investigations within their first year, Cointelegraph reported.
The initiative came nearly a month after a hacker stole over $230 million from WazirX, an Indian cryptocurrency exchange, in the second-largest cryptocurrency hack of 2024.
SEAL Whitehat Safe Harbor Agreement. Source: Security Alliance
On Feb. 10, 2026, the Ethereum Foundation partnered with SEAL to create a ”Trillion Dollar Security” initiative to combat crypto wallet drainers.
https://www.youtube.com/watch?v=t06mVWz6ngM
Magazine: Inside a 30,000 phone bot farm stealing crypto airdrops from real users