Investigation Into White Hat Tipster Who Saved Avalanche And Others Half A Billion In Crypto Trends On Twitter

iStock 1269819070

Exploits have been regularly plaguing the blockchain industry and DeFi protocols like never before. Nearly each passing day there is another horror story of a well-known protocol being drained of funds by hackers through an exploit that could have been caught in advance. Even worse is the impact the news can have on the community of the impacted cryptocurrency, which can crash in value and lose valuable support. 

This is exactly why a critical vulnerability and an anonymous white hat tipster captivated the crypto community recently and led to a widespread public investigation on Twitter between top blockchain developers. But who exactly was behind the discovery that saved the cryptocurrency industry a combined more than $650 million in value? 

Here are the details of the incident and how it spiraled into a widespread search for the blockchain security auditing firm behind the discovery. We’ll also reveal exactly who the heroes are. 

Why Crypto Twitter Launched An Investigation Into An Anonymous Tipster

Emerging technologies are put through rigorous stress tests using the public as the beta testers. Although more often than not the development team has the purest intentions, even the tiniest vulnerability can be exploited so no stones can be left unturned when it comes to clean and secure code. 

Yet it is impossible to read crypto media headlines without stumbling upon story after story of millions of dollars lost in a matter of moments. Affected projects can struggle to recover, and the community suffers as a result. Developers are usually stuck delivering the bad news to the community about what exactly happened and why, and then reluctantly receiving the backlash and fallout. 

But a recent example that was trending on Twitter was one of the rare happy endings that has captured the heart of the crypto community. An anonymous tipster saved several top crypto protocols — such as Avalanche (AVAX), Abracadabra (MIM), SushiSwap (SUSHI), and others — as much as half a billion dollars in value.  

White Hat Discovery Leads To More Than $650M In Cryptocurrency Saved 

Estimated damages and would-be victims include Avalanche at roughly $350M; Abracadabra at around $300M worth of MIM tokens and an additional $3M in user funds; Nereus Finance with nearly $60M in NXUSD tokens; and roughly $100K in funds from SUSHI lending. There is also an unknown impact related to the Boba Network. 

Given the enormous amount of funds kept safe, developers of the affected protocols took to Twitter in search of the anonymous tipster who sent their discovery to ImmuneFi. It began with SushiSwap core dev Matthew Lilley, who tweeted on the topic and got the investigation trending. 

In the hours following, a domino-effect of developers began to come forward and reveal the vulnerability and work on an immediate fix.

Avalanche, Abracadabra, And Others Come Forward With The Humble Hero

It wasn’t until just today when Ava Labs Head of Engineering Patrick O’Grady took to Twitter to express thanks to Statemind, which later stepped forward as the blockchain security firm to discover the vulnerability widely. 

The official Abracadabra Twitter account also expressed their deep thanks for calling attention to the critical vulnerability and saving the crypto community for yet another horror story. 

The vulnerabilities were fixed in record time. Both Avalanche and Abracadabra have shared a post mortem on the situation. Other affected blockchains are likely to follow and provide transparency to the community at large. 

Who Is The Team Behind The White Hat Heroics?

Who exactly is the team behind the discovery? We were in touch with a blogger who also works with the company to learn more. 

Blockchain security auditing firm Statemind reviewed the code of ten top blockchain protocols in search of custom precompiles that could be potentially dangerous. Past experiences, the blockchain auditing firm explained, has shown that custom precompiles can be increasingly dangerous in the right environment. 

According to the research, Avalanche and others had a precompile “that allowed for arbitrary calls to be routed through the precompile that relay msg.sender.” For some protocols, that meant that anyone could make calls on behalf of the protocol’s contract. 

Statemind.io is a leading blockchain security auditing company with over 100,000 LoC of Solidity and Vyper experience. This vast experience has led to more than $10B in TVL secured and the firm placed in 14th in the Paradigm CFT 2022. Thanks to Statemind, all “funds are SAFU,” and the cryptocurrency industry has a new white hat hero.