Statemind saves Avalanche and others half a billion in crypto

Exploits plague the blockchain industry and DeFi protocols like never before. Almost every day brings another horror story about a well-known protocol being drained by hackers through an exploit that could have been caught in advance. Even worse is the impact the news can have on the affected cryptocurrency community, which can crash in value and lose valuable support.

This is exactly why a critical vulnerability and an anonymous white hat tipster recently captivated the crypto community and sparked a widespread public inquiry on Twitter among top blockchain developers. But who exactly was behind the discovery that saved the cryptocurrency industry over $650 million in total value?

Here are the details of the incident and how it sparked a widespread search for the blockchain security audit firm behind the discovery. We will also reveal exactly who the heroes are.

Why Crypto Twitter Launched an Investigation of an Anonymous Tipster

Emerging technologies are subject to rigorous stress testing, with the public acting as beta testers. While more often than not the development team has the purest of intentions, even the tiniest vulnerability can be exploited, so no stone can be left unturned when it comes to clean and secure code.

Yet it is impossible to read the headlines of crypto media without encountering story after story of millions of dollars lost in moments. Affected projects may struggle to recover, and the community suffers as a result. Developers are usually stuck delivering the bad news to the community about exactly what happened and why, and then begrudgingly absorb the backlash and fallout.

But a recent example that was trending on Twitter was one of the rare happy endings that has captured the heart of the crypto community. An anonymous tipster has saved several top crypto protocols — such as Avalanche (AVAX), Abracadabra (MIM), SushiSwap (SUSHI), and others — as much as half a billion dollars in value.

White Hat Discovery Leads to Over $650 Million in Cryptocurrency Savings

Estimated potential losses include approximately $350 million for Avalanche; approximately $300 million in MIM tokens and an additional $3 million in user funds for Abracadabra; nearly $60 million worth of NXUSD tokens for Nereus Finance; and about $100K in funds from SUSHI loans. There is also an unknown impact regarding the Boba network.

Given the massive amount of money kept safe, developers of the affected protocols took to Twitter to track down the anonymous tipster who sent their discovery to Immunefi. It started with SushiSwap core developer Matthew Lilley tweeting about the topic and getting the research trending.

In the hours that followed, a domino effect emerged as developers exposed the vulnerability and worked on an immediate fix.

Avalanche, Abracadabra and others come forward with the humble hero

It wasn’t until today that Patrick O’Grady, chief of engineering at Ava Labs, took to Twitter to express his gratitude to Statemind, which later emerged as the blockchain security firm that discovered the vulnerability at scale.

The official Abracadabra Twitter account also expressed deep thanks for drawing attention to the critical vulnerability and for saving the crypto community from yet another horror story.

The vulnerabilities were fixed in record time. Both Avalanche and Abracadabra have shared a post mortem on the situation. Other affected blockchains are likely to follow suit and provide transparency to the community at large.

Who is the team behind the White Hat Heroics?

Who exactly is the team behind the discovery? We caught up with a blogger who also works with the company to find out more.

Blockchain security audit firm Statemind reviewed the code of ten top blockchain protocols, looking for custom precompiles that could be potentially dangerous. Past experience, the blockchain audit firm explained, has shown that custom precompiles in the right environment can become increasingly dangerous.

According to the research, Avalanche and others had a precompile “that allowed routing random calls through the precompilation that forwarded msg.sender.” For some protocols, that meant anyone could make calls on behalf of the protocol’s contract.

Statemind.io is a leading blockchain security auditing company with over 100,000 LoC of Solidity and Vyper experience. This extensive experience has resulted in more than $10 billion worth of TVL being secured, and the company placed 14th in the Paradigm CTF 2022. Thanks to Statemind, all “funds are SAFU” and the cryptocurrency industry has a new white hat hero.
