• Markets
  • Crypto
  • Web3
  • Culture
  • Opinion
  • Politics
Subscribe
  • Login
  • Register
No Result
View All Result
  • Markets
  • Crypto
  • Web3
  • Culture
  • Opinion
  • Politics
No Result
View All Result
No Result
View All Result

Ethereum Hacker Hacked While Hacking Hacker

13/02/2018 15:47
3 comments

A hacker trying to hack a hacker was hacked by the hacker he was trying to hack in an ethereum smart contract cat and mouse game, honey pots and pots of honey.

An ethereum coder says he was whistling around smart contract land when he saw a bug similar to the one that got the DAO hacked.

But unlike the millions the DAO had, this one was hosting only one eth that on the surface seemed “vulnerable to a Rentrancy attack,” the hacker says before further adding:

“Beauty!”, I thought. “I can have some fun and try out this hack, and give the funds back to the contract creator later. There’s 1 ETH in there, so it should be a fun challenge, maybe do a victorious blog post later.”

Of course he was going to give back the one eth. We do not doubt it for one second. So the smart kid went off writing the exploit code, testing it on testnet, then:

“It didn’t work! The Eth got stuck in his contract. I was shocked, how’s it possible?” He tried again but same result. Schucks – his words.

“The ETH was transferred to his contract, then two transfers showing as going to my exploit contract, however it didn’t get anything,” our cute bunny says.

The smart contract honey pot.

The smart contract had hacked the hacker in probably the very first instance of such case by containing a “check the incoming address” function.

“If it is the owner of the honeypot, it will just return and not consume much gas. If it is anyone else, e.g. you, it will run in an infinite loop to expend all your gas,” an eth developer says.

All that was hidden in the constructor, which is sort of a metadata function to name your contract and can only run once when the smart contract is created. The hacker says:

“The source code being displayed as part of the ‘verified’ contract is kind of like an illusion of a magician’s trick. I’ve actually noticed that the constructor needed the address to the log contract, but didn’t think much of it & didn’t follow up to see what address it was actually pointing to, was in a hurry to execute it before anyone else found this ‘exploit’. In hindsight, it’s so obvious.”

We do not know who was smart enough to create this smart contract, but the hacker and the hacked could be the same person, so hacking us to write about the hacker hacking in a hacked PR stunt.

Yet, as funny as we’ve tried to make this story, there is a clear lesson here kids. When trying to hack hackers, which is probably most of smart contract writers, just be careful you do not get hacked by the hacker you are trying to hack.

And for the rest, as innocent or simple as those solidity lines might seem, they can be very much a minefield, so make sure to buckle down and put on a bunker’s hat when coding them in these pioneering realms.

 

Related Posts

Ethereum, the burning, Aug 2022

EthereumPoW to Remove EIP1559

US Bureau of Labor Statistics

Bitcoin Jumps as US Inflation Falls to 8.5%

LUSD’s Token Jumps, RAI’s Rises 50%

Infura Censors Tornado Cash Smart Contract

Load More
  • Trending
  • Comments
  • Latest
Proof of Work/Stake

Proof of Stake vs Proof of Work

Ethereum, the burning, Aug 2022

EthereumPoW to Remove EIP1559

Alireza Peyman Pak, file photo

Iran Pays with Crypto For $10 Million Import

Torn price, Aug 2022

Torn Token Dives as US Bans a Smart Contract, ENS Domain Goes Offline

Ethereum, the burning, Aug 2022

EthereumPoW to Remove EIP1559

US Bureau of Labor Statistics

Bitcoin Jumps as US Inflation Falls to 8.5%

RAI Spikes, Aug 2022

LUSD’s Token Jumps, RAI’s Rises 50%

Infura RPC censorship, Aug 2022

Infura Censors Tornado Cash Smart Contract

Comments

Latest News

  • EthereumPoW to Remove EIP1559
  • Bitcoin Jumps as US Inflation Falls to 8.5%
  • LUSD’s Token Jumps, RAI’s Rises 50%

About Trustnodes

Terms of Service

Privacy Policy

Our Ethics and Values

Trustnodes Newsletter

Trustnodes © 2017-2022. All Rights Fully Reserved. For any Enquiries contact@trustnodes.com RSS Feed

No Result
View All Result
  • Login
  • Sign Up
  • Cart
  • Markets
  • Crypto
  • Web3
  • Culture
  • Opinion
  • Politics

Trustnodes © 2017-2022. All Rights Fully Reserved. For any Enquiries contact@trustnodes.com RSS Feed

Welcome Back!

Login to your account below

Authenticate with MetaMask Loading...

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?