Friday, September 29, 2023
HomeEthereumEthereum Alarm Clock exploit leads to $260K in stolen gas fees so...

Ethereum Alarm Clock exploit leads to $260K in stolen gas fees so far

A bug in the smart contract code of the Ethereum Alarm Clock service has been reportedly exploited, and around $260,000 is said to have been stolen from the protocol so far.

Ethereum Alarm Clock allows users to schedule future transactions by pre-determining the recipient address, the amount to be transferred and the desired transaction time. User needs Ether (ethereum) to complete the transaction and prepay the gas bill.

According to a Twitter post by blockchain security and data analytics firm PeckShield on Oct. 19, hackers were able to exploit a loophole in the scheduled transaction process and profit off gas fees returned from canceled transactions. rice field.

Simply put, the attackers basically called the cancel function of the Ethereum Alarm Clock contract with a high transaction fee. Since the protocol refunds gas fees for canceled transactions, a bug in the smart contract allows hackers to refund more gas fees than they originally paid, and pocket the difference.

“We have seen active exploits manipulating the TransactionRequestCore contract to take advantage of huge gas prices to get rewards at the expense of the original owner. You will get this huge MEV-Boost reward,” the company wrote.

PeckShield added that at the time, it discovered 24 addresses that were exploiting the bug to collect supposed “rewards.”

Web3 security company Supremacy Inc also provided an update hours later, pointing to Etherscan transaction history showing that the hackers have so far been able to swipe 204 ETH (worth about $259,800 at the time of writing).

“Interesting attack event. The TransactionRequestCore contract is 4 years old and belongs to the Ethereum Alarm Clock project. ” said the company.

As it stands, we lack updates on the topic to determine if the hack is ongoing, if the bug is patched, or if the attack is over. Yes, and Cointelegraph will provide updates as it develops.

October is generally associated with bullish moves, but this month has been rife with hacks so far. $718 million stolen in hack 2022 has been the month with the most hacking activity.