Crypto: White Hat Helps Recover $1.8m After $2.3m Foom Cash Exploit 2026

Foom Cash lost $2.26 million in an exploit tied to a Groth16 verifier misconfiguration, but a white hat recovered $1.84 million of the funds.

A white hat hacker helped Foom Cash recover most of the funds stolen in a $2.26 million exploit, underscoring the growing role of ethical hackers in Web3 incident response.

Foom Cash, a decentralized, anonymous lottery protocol based on zero-knowledge proofs, was exploited for $2.26 million in funds.

The intervention of an ethical hacker helped the protocol recover $1.84 million, or 81% of the stolen funds, Foom Cash announced on Monday.

Pseudonymous white hat hacker Duha identified the vulnerability and secured funds on Base before malicious actors could exploit them, while Decurity handled recovery efforts on Ethereum, the protocol said in a Monday post on X.

Foom Cash awarded the white hat hacker a $320,000 bounty, while crypto security platform Decurity was awarded a $100,000 security fee.

“By honoring their bug bounty policy, @foomclub_ has proven that they take protocol security seriously and value the researchers helping them,” wrote white hat hacker Duha, in response to the incident.

The $2.26 million exploit stemmed from a “fatal” deployment error involving a missing command-line interface (CLI) step during the Phase 2 trusted setup process.

“In Groth16, if you skip the circuit-specific contribution setup in snarkjs, the parameters γ (gamma) and δ (delta) remain set to the same default value (the G2 generator),” wrote Foom in a Monday X response.
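A pre-deployment check for the condition Foom describes, as an added example (not Foom Cash's or snarkjs's own code): it reads a `verification_key.json` as exported by snarkjs and reports when `vk_delta_2` still equals `vk_gamma_2` or the G2 generator. The function names and sample keys are constructed for illustration, and the check assumes the BN254 (bn128) curve.

```javascript
// BN254 G2 generator in the coordinate order snarkjs writes to
// verification_key.json: [[x.c0, x.c1], [y.c0, y.c1], ["1", "0"]].
const G2_GENERATOR = [
  ["10857046999023057135944570762232829481370756359578518086990519993285655852781",
   "11559732032986387107991004021392285783925812861821192530917403151452391805634"],
  ["8495653923123431417604973247489272438418190587263600148770280649306958101930",
   "4082367875863433681332203403145435568316851327593401208105741076214120093531"],
  ["1", "0"],
];

// Normalise a G2 point to BigInt so decimal and "0x" hex strings compare equal.
function normG2(point, name) {
  const ok = Array.isArray(point) && point.length === 3 &&
    point.every((c) => Array.isArray(c) && c.length === 2);
  if (!ok) throw new Error(`${name} is missing or not a 3x2 G2 point`);
  return point.map((c) => c.map((v) => BigInt(v)));
}

function sameG2(a, b) {
  return a.every((c, i) => c.every((v, j) => v === b[i][j]));
}

// Returns a list of findings; an empty list means the check passed.
// Hypothetical helper: accepts the key as a JSON string or a parsed object.
function auditGroth16Vkey(vkey) {
  const vk = typeof vkey === "string" ? JSON.parse(vkey) : vkey;
  if (vk.protocol !== "groth16") throw new Error("not a groth16 verification key");
  const gamma = normG2(vk.vk_gamma_2, "vk_gamma_2");
  const delta = normG2(vk.vk_delta_2, "vk_delta_2");
  const findings = [];
  if (sameG2(delta, gamma)) findings.push("vk_delta_2 equals vk_gamma_2");
  if (sameG2(delta, normG2(G2_GENERATOR, "generator"))) {
    findings.push("vk_delta_2 is still the G2 generator");
  }
  return findings;
}

// Constructed sample keys holding only the fields the check reads.
const SKIPPED = { protocol: "groth16", vk_gamma_2: G2_GENERATOR, vk_delta_2: G2_GENERATOR };
const CONTRIBUTED = {
  protocol: "groth16",
  vk_gamma_2: G2_GENERATOR,
  // Placeholder coordinates, not a real curve point; the check does not test curve membership.
  vk_delta_2: [["123", "456"], ["789", "1011"], ["1", "0"]],
};
```

Running this against the exported key before generating the on-chain verifier makes the missing step a failed build rather than a deployed contract.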

Source: CoinTelegraph