Ongoing Attack on ETH’s Alarm Clock Identified, At Least 200 ETH Stolen

tokenist.com, 20 October 2022, 01:54 UTC

Earlier on the 19th, PeckShield reported they’ve identified an exploit that enables the attacker to rob a transaction owner by canceling the transaction and gaming the transaction fee. At least 24 addresses have attempted to use the exploit.

The ETH Gas Fee Exploit Explained

TransactionRequestCore, the contract at the heart of the exploit, is four years old, while the other abused component, the Ethereum Alarm Clock smart contract, is even older at seven years. The Alarm Clock holds ETH transactions scheduled to take place at a point in the future.

Allegedly, the exploit is executed by calling a cancel function on an Alarm Clock contract with an unusually high gas fee. The transaction fee is then calculated too high, which lets the exploiter pocket the difference. Since 51% of the profits are paid out to the miners, it is speculated that the attacks somehow use MEV (maximal extractable value), the process of extracting value by reordering transactions while a block is still being built.

Another company, Supremacy Inc. went into a bit more detail on how the cancel function is getting exploited:

The cancel function calculates the Transaction Fee (gas used * gas price) to be spent with the “gas used” over 85000 and transfers it to the caller. But in fact, the hacker does not need to use more than 85000 gas, only 70355 is enough, the actual tx fee paid < the Transaction Fee returned by the cancel function, where the difference is the hacker profit.
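The accounting gap Supremacy describes can be modelled off-chain to triage cancel transactions. The following is an added example, not code from the article, PeckShield, Supremacy or the Alarm Clock contracts; the refund formula is a simplified model of the quoted behaviour, and the price cap, function names and sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

GWEI = 10**9
CREDITED_GAS = 85_000  # lower bound of the "gas used" the quote says cancel credits


@dataclass(frozen=True)
class CancelTx:
    label: str      # constructed identifier, not a real transaction hash
    gas_used: int   # gas actually consumed, as a receipt would report it
    gas_price: int  # wei per gas, chosen by the caller


def fee_paid(tx):
    """What the caller really paid the network for the cancel call."""
    return tx.gas_used * tx.gas_price


def refund_flawed(tx):
    """Simplified model of the quoted logic: fixed gas figure times caller's price."""
    return CREDITED_GAS * tx.gas_price


def refund_bounded(tx, price_cap):
    """Assumed mitigation: refund measured gas only, at an owner-set price ceiling."""
    return min(tx.gas_used, CREDITED_GAS) * min(tx.gas_price, price_cap)


def surplus(tx, refund):
    """Positive means the caller received more than the fee they paid."""
    return refund - fee_paid(tx)


def flag_profitable_cancels(txs, threshold_wei):
    """Return (label, surplus) for cancels whose modelled surplus exceeds the threshold."""
    hits = [(tx.label, surplus(tx, refund_flawed(tx))) for tx in txs]
    return sorted((h for h in hits if h[1] > threshold_wei), key=lambda h: -h[1])


# Constructed sample records: same gas usage, very different gas prices.
SAMPLE = [
    CancelTx("routine-cancel", 70_355, 20 * GWEI),
    CancelTx("high-price-cancel", 70_355, 5_000 * GWEI),
]

if __name__ == "__main__":
    for label, wei in flag_profitable_cancels(SAMPLE, 10**16):
        print(f"{label}: surplus {wei / 10**18:.6f} ETH")
```

Because the modelled surplus is 14,645 gas multiplied by the caller's gas price, the gas price is the field to alert on; under the bounded refund the surplus is never positive.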

Gas Fee Exploits Identified so Far

The first recorded attack led an Ethereum user to lose 121 ETH in gas fees, around $158,000. Allegedly, this first attack is connected to a validator associated with the staking protocol Lido. On the other hand, PeckShield, which later confirmed 24 more attempted exploits, clarified that none of them appear to be associated with Lido in any way.

#PeckShieldAlert #MEVBoost 💸💸💸 A @LidoFinance validator rewarded 121.59 ETH ($157.9k) via the @builder0x69 @ block#15782459. Here comes the payment tx: https://t.co/xWRaIweVdX

— PeckShieldAlert (@PeckShieldAlert) October 19, 2022

These exploits come toward the tail end of a very busy month for crypto hacks. In a span of just a few days, both Mango Markets and the BNB chain suffered attacks that led to millions in losses. More recently, Moola Markets suffered an exploit leading to an $8.4 loss, although Moola reportedly negotiated the return of much of the funds quickly.

The last update from Supremacy Inc. indicated that 204 ETH has been stolen in the attacks.

This is a developing story and will be updated when new details emerge.
