Theft Of ETH Worth $260,000 From The Ethereum Alarm Clock Protocol

Published on:

Last Updated on October 21, 2022 by Bitfinsider

The Ethereum Alarm Clock, a smart contract protocol for scheduling Ethereum transactions, has been attacked by hackers, who have stolen up to $260,000 worth of ETH by manipulating the gas fee. PeckShield Inc., a company that specializes in blockchain security and data analytics, was the company that made the initial announcement on Twitter about the Ethereum hack on October 19, 2022, among a number of other updates.

PeckShield made the following statement when they made the announcement of the attack: “We’ve confirmed an active exploit that makes use of huge gas price to game the TransactionRequestCore contract for reward at the cost of the original owner.” According to PeckShield, the hackers could make money off of gas fees by exploiting a flaw in the scheduled transactions on the Ethereum alarm clock protocol. This flaw would allow them to profit from gas fees.

The attackers were able to profit from gas fees, which were returned after the transactions were cancelled because they exploited this gap and took advantage of it. The flaw gave the hackers a greater value of gas fees than they had paid for, allowing them to make a profit from the situation.

The Ethereum Alarm Clock is a protocol that gives users the ability to plan future transactions by specifying the recipient’s address, the amount being sent, and the time at which the transaction is desired. To be able to process a transaction using this protocol, users are required to have the appropriate amount of ether (ETH), in addition to the gas fees.

The perpetrators of the hack used inflated transaction fees to call cancel functions on their Ethereum Alarm Clock contracts. This allowed them to successfully carry out the hack. Hackers have the potential to make significant gains from the protocol’s ability to refund gas fees for canceled transactions due to a flaw in the smart contract that governs the protocol.

According to PeckShield’s explanation, MEV-Boost is in a position to offer a much larger reward because the miner is entitled to receive 51% of the gain from the exploit.

PeckShield had only identified 24 addresses as of the afternoon of the previous day as having exploited the vulnerability in order to earn the alleged “rewards.”

Supremacy Inc., a company that provides security for the Web3 ecosystem, also offered an update on the hack. According to Supremacy, 204 ETH, which had a value of approximately $259,800 at the time this article was written, had been stolen. This information was gleaned from the Etherscan transaction history of the Ethereum Alarm Clock protocol.

Explaining how the hack was accomplished, Supremacy pointed out that the cancel function of the Ethereum protocol calculates the Transaction Fee by multiplying the amount of gas that was used by the price of the gas. This amount, known as the “gas used” over 85000, is then given to the person who made the call.

In a tweet, Supremacy Inc. referred to the hack as “interesting,” noting that the code used in the Ethereum alarm clock project was about four years old and that it was amusing that the hackers had dug up such old code to attack. In addition, the tweet noted that the code used in the Ethereum alarm clock project was about four years old.

“Interesting attack event, Transaction Request Core contract is four years old, it belongs to ethereum-alarm-clock project, this project is seven years old, hackers actually found such old code to attack,” observed Supremacy. “Transaction Request Core contract is four years old, it belongs to ethereum-alarm-clock project, this project is seven years old.”

It is not yet known whether the flaw has been fixed and the attack has come to an end or whether it is still ongoing. As of right now, hackers have stolen somewhere in the neighborhood of two hundred and sixty thousand dollars.

Hardware wallets are safe and secure devices that can be used offline. They keep your cryptocurrency offline, making it impossible for you to be hacked. To find out more on the leading hardware wallets, you may view our reviews here: Ledger & Trezor
Disclaimer: The views and opinions expressed by the author, or any people mentioned in this article, are for informational purposes only, and they do not constitute financial, investment, legal, tax or other advice. Investing in or trading cryptocurrency or stocks comes with a risk of financial loss.