Investigation Into White Hat Tipster Who Saved Avalanche And Others Half A Billion In Crypto Trends On Twitter

Exploits have been regularly plaguing the blockchain industry and DeFi protocols like never before. Nearly every day brings another horror story of a well-known protocol being drained of funds by hackers through an exploit that could have been caught in advance. Even worse is the impact the news can have on the community of the affected cryptocurrency, which can crash in value and lose valuable support.

This is exactly why a critical vulnerability and an anonymous white hat tipster captivated the crypto community recently and led to a widespread public investigation on Twitter among top blockchain developers. But who exactly was behind the discovery that saved the cryptocurrency industry a combined total of more than $650 million in value?

Here are the details of the incident and how it spiraled into a widespread search for the blockchain security auditing firm behind the discovery. We’ll also reveal exactly who the heroes are. 

Why Crypto Twitter Launched An Investigation Into An Anonymous Tipster

Emerging technologies are put through rigorous stress tests using the public as the beta testers. Although the development team usually has the purest intentions, even the tiniest vulnerability can be exploited, so no stone can be left unturned when it comes to clean and secure code.

Yet it is impossible to read crypto media headlines without stumbling upon story after story of millions of dollars lost in a matter of moments. Affected projects can struggle to recover, and the community suffers as a result. Developers are usually stuck delivering the bad news to the community about what exactly happened and why, and then reluctantly receiving the backlash and fallout. 

But a recent example that was trending on Twitter was one of the rare happy endings that has captured the heart of the crypto community. An anonymous tipster saved several top crypto protocols — such as Avalanche (AVAX), Abracadabra (MIM), SushiSwap (SUSHI), and others — as much as half a billion dollars in value.  

White Hat Discovery Leads To More Than $650M In Cryptocurrency Saved 

Estimated damages and would-be victims include Avalanche at roughly $350M; Abracadabra at around $300M worth of MIM tokens and an additional $3M in user funds; Nereus Finance with nearly $60M in NXUSD tokens; and roughly $100K in funds from SUSHI lending. There is also an unknown impact related to the Boba Network. 

Given the enormous amount of funds kept safe, developers of the affected protocols took to Twitter in search of the anonymous tipster who sent their discovery to ImmuneFi. It began with SushiSwap core dev Matthew Lilley, who tweeted on the topic and got the investigation trending. 

Kashi Markets on Avalanche were whitehacked following the discovery of an attack vector introduced by the Native Asset Call precompile on Avalanche. Sushi team was able to validate the report, which was submitted by a whitehacker on @immunefi, by crafting a simple PoC. 1/6

— I’m Software (@MatthewLilley) September 8, 2022

In the hours that followed, a domino effect set in as developers came forward to reveal the vulnerability and work on an immediate fix.

1/!

We have been notified of a possible vulnerability on our Avalanche cauldrons.

No user funds have been lost, the vulnerability is now patched and all collateral has been secured.

Read more about our post mortem here https://t.co/2HSvPkugEs

— (@MIM_Spell) September 8, 2022

Avalanche, Abracadabra, And Others Come Forward With The Humble Hero

It wasn’t until today that Ava Labs Head of Engineering Patrick O’Grady took to Twitter to express thanks to Statemind, which later stepped forward publicly as the blockchain security firm that discovered the vulnerability.

@statemindio came forward as the anonymous whitehat who tipped off the teams involved: https://t.co/MmG4hkkad7

Thanks again for all your work to alert the community of the issue! 🫡

— Patrick “The Faucet” O’Grady (@_patrickogrady) September 8, 2022

The official Abracadabra Twitter account also expressed its deep thanks for calling attention to the critical vulnerability and saving the crypto community from yet another horror story.

!

We would like to deeply thank the auditing firm @statemindio for reporting the vulnerability mentioned in our latest announcement.

Thanks to their report we have managed to secure all the funds and work together with @avalancheavax to patch the vulnerability!

— (@MIM_Spell) September 8, 2022

 

The vulnerabilities were fixed in record time. Both Avalanche and Abracadabra have shared a post mortem on the situation. Other affected blockchains are likely to follow and provide transparency to the community at large. 

Who Is The Team Behind The White Hat Heroics?

Who exactly is the team behind the discovery? We were in touch with a blogger who also works with the company to learn more. 

I know the anonymous hackers that disclosed the exploit to @avalancheavax @MIM_Spell & @SushiSwap

saving $3m in user funds and 300m $MIM tokens

if you’re a crypto journalist looking for comments/exclusive details from the team that found the exploit let me know 🙂 https://t.co/3B8axWjYqS

— notEezzy (@notEezzy) September 8, 2022

Blockchain security auditing firm Statemind reviewed the code of ten top blockchain protocols in search of custom precompiles that could be potentially dangerous. Past experience, the blockchain auditing firm explained, has shown that custom precompiles can be particularly dangerous in the right environment.

According to the research, Avalanche and others had a precompile “that allowed for arbitrary calls to be routed through the precompile that relay msg.sender.” For some protocols, that meant that anyone could make calls on behalf of the protocol’s contract. 

Statemind.io is a leading blockchain security auditing company with over 100,000 LoC of Solidity and Vyper experience. This vast experience has led to more than $10B in TVL secured, and the firm placed 14th in the Paradigm CTF 2022. Thanks to Statemind, all “funds are SAFU,” and the cryptocurrency industry has a new white hat hero.
