Supremacy, a Web3 security firm, highlighted Etherscan transaction history, which revealed that the hacker(s) were able to swipe 204 ETH in gas fees so far, totaling $259,800.
The Ethereum Alarm Clock allows users to schedule future transactions by specifying the receiver address, sending amount, and transaction time. Users must have the necessary Ether on hand to conduct the transaction and must pay the gas expenses in advance.
On Oct 19, a blockchain security and data analytics firm tweeted that hackers were able to exploit a loophole in the planned transaction process, allowing them to profit from recovered gas fees from canceled transactions.
In simple terms, the attackers executed cancellation methods on their Ethereum Alarm Clock contracts with exaggerated transaction fees. As the protocol refunds gas fees for canceled transactions, a glitch in the smart contract has been refunding the hackers more gas fees than they originally paid, letting them pocket the difference.
“We have identified an active exploit that takes advantage of high gas fees to game the "TransactionRequestCore" contract in order to gain a reward at the cost of the original owner.” The firm noted that “the exploit pays 51% of the profit to the miner, which explains the massive MEV-Boost incentive.”
PeckShield stated at the time that it had discovered 24 addresses that were abusing the flaw in order to receive the claimed rewards.
Web3 security firm Supremacy Inc also released an update a few hours later, linking to Etherscan transaction history, which revealed that the hacker had so far swiped 204 ETH, which was worth around $259,800 at the time of writing.
The Transaction Request Core contract is four years old, it belongs to the Ethereum-alarm-clock project, which is seven years old, and hackers really discovered such historic code to attack, the firm noted.
As of now, there has been no word on whether the hack is still ongoing if the issue has been fixed, or whether the attack has ended.
Despite the fact that October is often associated with bullish movement, this month has been plagued by hacking. According to a source report dated October 13, $718 million has already been stolen through cyberattacks in October, making it the most active month for hacking activities in 2022.
Read also: Japan Relaxes Crypto Tokens Listing Regulations|Top Cryptocurrency News
