DeFi News

FOOMCASH Loses $2.26M in Copycat zkSNARK Exploit

Misconfigured zkSNARK keys let attackers forge proofs and drain FOOMCASH funds, with whitehats recovering some ETH.

Written By Kenrodgers Fabian Kenrodgers Fabian
Fact Checked by Divya Mistry Divya Mistry
Make The Crypto Times preferred on Google
FOOMCASH Loses $2.26M in Copycat zkSNARK Exploit

Key Highlights

  • FOOMCASH lost ~$2.26M in a copycat zkSNARK exploit, highlighting risks in privacy-focused smart contracts.
  • Attackers reused proofs due to a Groth16 verifier mistake, while whitehats recovered part of Ethereum losses.
  • Even small cryptography setup errors can cost millions, urging platforms to double-check zkSNARK configurations.

A high-alert incident hit privacy-focused game project FOOMCASH on Ethereum and Base networks, resulting in an estimated $2.26 million loss. Blockchain security firm BlockSec identified the attack as a copycat exploit mirroring the earlier Veil Cash breach. 

In an X post, BlockSec Phalcon said the exploit targeted misconfigured zkSNARK verification keys, allowing attackers to forge proofs and repeatedly drain funds. Notably, Ethereum saw a partial whitehat intervention, mitigating some losses.

BlockSec stated, “The incident appears to be an imitation attack exploiting the same root cause previously identified in the Veil Cash exploit (@Veildotcash), where attackers forged zkSNARK proofs due to misconfigured verification keys.” 

Other than a financial hit, this exploit highlights ongoing weaknesses in privacy-focused smart contracts. 

How the attack worked

The Veil Cash attack took advantage of a setup mistake in the Groth16 verifier, where two key points—gamma and delta—were accidentally made the same. Normally, the verifier ties each proof to specific inputs, stopping hackers from reusing it. But with gamma equal to delta, attackers could adjust the proof for any input they wanted. This let them repeatedly withdraw ZOOM tokens using the same original proof.

CertiK confirmed this in an alert: “The root cause may be the delta2==gamma2 setting of the Groth16 verifier at 0xc0..71A6. This enables the exploiter to compute ‘pC’ needed for different ‘nullifierHash’ while all other inputs are the same.” On-chain traces show the attacker adjusted C on the fly via elliptic curve computations, bypassing zkSNARK constraints entirely.

Whitehat recovery efforts

Some of the Ethereum losses were recovered by whitehat hackers. Apex777.eth reported, “A whitehat (@DefimonAlerts) has recovered about 2 ETH. The current pools have not been affected by this.” 

Therefore, while losses on the Base network are still significant, these actions show that a growing community of ethical hackers is actively watching DeFi platforms. Even a small mistake in cryptography can cost millions, so FOOMCASH and similar platforms need to carefully double-check their zkSNARK setups.

Also Read: Whale Loses $8.2M in Failed ARC Token Long Squeeze on Lighter

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.
Google News Banner
TAGGED:
Share This Article
Fabian is Crypto Journalist at The Crypto Times
By Kenrodgers Fabian
Follow:
Kenrodgers Fabian is a Crypto Journalist at The Crypto Times, based in Kenya. He reports on high-profile global financial fraud, investment scams, phishing schemes, and cross-chain protocol exploits. His coverage heavily tracks systemic crypto vulnerabilities, ecosystem security breaches, and central bank shifts toward stablecoins and tokenized finance infrastructure. All investigative coverage on crypto cybercrimes and security events passes through his desk before publication. His four years in fast-paced crypto media have shaped his structured approach to deciphering malicious smart contracts, verifying data-heavy fraud cases, and providing accurate reporting on digital currency risks.
Divya Mistry
By Divya Mistry
Follow:
Divya Mistry is the Senior Editor at The Crypto Times. She leads the central editorial desk, overseeing the review and publication of policy analyses, investigative reports, exchange coverage, and protocol exploit stories. Her editorial remit spans digital asset markets, global exchange operations, cross-border digital asset settlements, regulatory developments, and other key developments shaping the cryptocurrency industry. Divya brings more than a decade of experience in editorial strategy, content development, public relations, marketing communications, and research. Before joining The Crypto Times, she worked across multiple sectors, including finance, technology, education, healthcare, real estate, entertainment, lifestyle, and vertical transport, contributing to both digital and print publications. Her research and content work has been featured on platforms including DNA India, Zee, Forbes, and Elevator World India. She holds a Master's degree in English Literature from the University of Mumbai. Drawing on her background in long-form publishing, research, and editorial leadership, she reviews and refines complex stories to ensure accuracy, clarity, and strong editorial standards before publication.

Latest News

Why Indian Traders Pay Over 10% Premium When Crypto Crashes
Why Indian Traders Pay Over 10% Premium When Crypto Crashes?
Kalshi Sues Illinois in Escalating Fight Over Prediction Markets
Kalshi Sues Illinois in Escalating Fight Over Prediction Markets
Kalshi Eyes $40B Valuation as Prediction Market Boom Continues Report
Kalshi Eyes $40B Valuation as Prediction Market Boom Continues: Report
Dave Portnoy Questions Bitcoin’s $1M Future as Price Drops Below $60K
Dave Portnoy Questions Bitcoin’s $1M Future as Price Drops Below $60K
STRC Stock Tumbles 7% to Near Yearly Lows Following Bitcoin Slump
STRC Stock Tumbles 7% to Near Yearly Lows Following Bitcoin Slump

Find Us on Socials

You may also like