ChainCatcher reports that the decentralized anonymous lottery protocol Foom Cash lost approximately $2.26 million in a security breach, but white-hat hackers intervened in time to recover $1.84 million (about 81% of the stolen funds).
The security incident was caused by a critical error during Foom Cash’s deployment, specifically related to a Groth16 verifier configuration issue, which allowed attackers to submit forged proofs to the protocol. A white-hat hacker named Duha identified the vulnerability and quickly protected the funds on the Base chain, while security firm Decurity handled the rescue of funds on Ethereum. In return, Foom Cash paid the white-hat hacker a bounty of $320,000 and paid Decurity $100,000 in security fees.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Gate’s “Crazy Wednesday” is live with a hot launch. Complete tasks to win XRP and Glenfiddich whisky. For USDT savings, earn up to 100% APY. For BTC/ETH/SOL staking, earn up to 16% mining APY.
Gate News message, according to Gate’s official announcement on April 15, 2026
Gate launches a “Crazy Wednesday” campaign, running from April 15, 2026 at 14:00 to April 19, 2026 at 16:00 (UTC+8). Users complete multiple tasks to unlock mystery boxes, with a chance to win XRP tokens and Glenfiddich whisky. The mystery box tasks include multiple categories such as flash swaps, spot, and futures trading, as well as top-ups, invitations, and VIP upgrades, and each tier corresponds to a different number of mystery box openings.
Campaign Two launches a USDT wealth-management product, with a 14-day fixed-term annualized yield of 6%. New users can also participate in a 3-day product offering 100% annualized yield. In addition, Yu’e Bao also offers multi-currency wealth-management options such as USAT, USDD, 0G, and APT, with annualized returns of up to 300%. Campaign Three introduces a boosted rewards policy for staking users, offering up to a 16% annualized return for staking BTC, ETH, and SOL; for SOL staking, staking 0–1 coins can yield up to 16% annualized.
GateAnnouncement15m ago
Bitmine Quarterly Report: ETH Staking Income Grows 7x, but a Price Drop Turns into a $3.8 Billion Quarterly Loss
Bitmine Immersion Technologies’ 10-Q quarterly report, released on April 14, shows that as of February 28, 2026, although its revenue grew by 7 times to $11.04 million, it recorded unrealized losses of $3.78 billion due to a decline in the price of ETH, resulting in a net loss of $3.82 billion for the quarter. The company is shifting from traditional mining to an ETH treasury management strategy, emphasizing growth in staking income while also facing price volatility risk.
ChainNewsAbmedia18m ago
Ethereum Foundation Launches $1M Audit Fund to Boost Blockchain Security
The Ethereum Foundation launched the Ethereum Security Subsidy Program, committing $1 million to subsidize smart contract audit costs for mainnet builders. Over 20 audit firms are involved, aiming to enhance security within the developer ecosystem.
GateNews20m ago
ETH OG Whale Holds 42 Altcoin Positions with $6.22M Unrealized Loss
A whale address from 2017 holds 42 altcoin positions on Hyperliquid with a total value of $49.6 million and an unrealized loss of $6.22 million, having incurred overall trading losses of $14.94 million.
GateNews2h ago
Hackers bought 30 WordPress plugins and planted backdoors, laying low for 8 months, using Ethereum smart contracts to bypass domain blocking
In August 2025, a buyer calling himself “Kris” planted a timed bomb in 191 lines of code; eight months later it detonated, and C2 communications bypassed the blocklist. This article is based on a report by security researcher Austin Ginder.
(Previously: BTC surges to $75,000! ETH rebounds to 2400; Vance says the U.S.-Iran negotiations have “made a lot of progress,” with a tentative second round of talks on the 16th)
(Background: Gate founder Dr. Han’s 13th-anniversary open letter: during a cycle transition, unleash the power of change)
Table of Contents
Toggle
191 lines, a single “compatibility update”
wp-config.php is written with 6KB of malicious code
This isn’t the first time, and it won’t be the last
A system issue, not a technical one
動區BlockTempo2h ago
