A white hat hacker successfully intervened to help the decentralized lottery protocol Foom Cash recover $1.84 million of the $2.26 million stolen in a recent exploit. The recovery represents approximately 81% of the total stolen funds. The protocol, which is built on zero-knowledge proofs, announced the recovery on Monday, March 2, 2026.
The pseudonymous ethical hacker, known as Duha, identified the critical vulnerability and moved swiftly to secure funds on the Base blockchain before malicious actors could fully extract them. The crypto security firm Decurity managed the recovery efforts on the Ethereum network. In recognition of their efforts, Foom Cash awarded Duha a $320,000 bounty and paid Decurity a $100,000 security fee.
Duha publicly commended the protocol, stating, "By honoring their bug bounty policy, @foomclub_ has proven that they take protocol security seriously and value the researchers helping them."
The exploit was attributed to a "fatal deployment oversight" during the protocol's Phase 2 trusted setup process. Specifically, a missing command-line interface (CLI) step in the Groth16 zero-knowledge proof configuration left critical parameters (γ and δ) at their default, unrandomized values. This flaw allowed an attacker to submit forged proofs and trick the system into authorizing unauthorized withdrawals.
The incident underscores the growing role of white hat hackers and organized security alliances in the DeFi ecosystem. In August 2023, Paradigm researcher Samczsun helped establish the Security Alliance (SEAL), a collective of ethical hackers that has since been involved in over 900 hack-related investigations. More recently, on February 10, 2026, the Ethereum Foundation partnered with SEAL to launch a "Trillion Dollar Security" initiative aimed at combating crypto wallet drainers and other security threats.
