White Hat Recovery: DeFi Protocol Recovers 81% of Stolen Funds

A decentralized lottery protocol has recovered the majority of funds following a security exploit, highlighting the growing role of ethical hackers in Web3 incident response. Foom Cash, a zero-knowledge proof-based anonymous lottery protocol, was exploited for $2.26 million in a breach stemming from a deployment error during its Phase 2 trusted setup process. The intervention of a pseudonymous white hat hacker operating under the handle Duha helped identify and secure vulnerable funds on Base blockchain before malicious actors could exploit the vulnerability. Additional recovery efforts were coordinated through Decurity on Ethereum. The protocol announced successful recovery of $1.84 million, representing 81% of stolen assets. The exploit originated from what Foom Cash described as a fatal deployment oversight involving a missing command-line interface step in the Groth16 trusted setup process. Specifically, circuit-specific contribution parameters remained at default values, enabling attackers to submit forged proofs. The protocol awarded the white hat hacker a $320,000 bounty, with an additional $100,000 security fee paid to Decurity. The incident underscores the increasing importance of white hat interventions in DeFi security, with organized ethical hacking collectives now conducting hundreds of hack-related investigations annually.