
New Seal 911 team stops crypto thief mid-hack and saves $200,000

Seal 911 lets bug reporters open a direct line to over 30 crypto whitehats, auditors, and other security leaders. Credit: Rita Fortunato/DL News
  • Seal 911, a crypto bug reporting help desk on Telegram, is a team of crypto hack first responders.
  • A tip alerted Seal 911 to a vulnerable smart contract at dice9win, which was exploited earlier this week.
  • The team was able to stop the hacker and save $200,000, say Seal 911 members.

Earlier this week, security researcher Pascal Caversaccio received a tip that enabled him and a group of fellow security researchers to stop a hacker in their tracks.

The group operates Seal 911, a crypto bug reporting help desk on Telegram. Through it, Caversaccio and his fellow security researchers have become crypto hack first responders of sorts.

The tip alerted Seal 911 to a vulnerable smart contract at dice9win, a protocol that lets users play games of chance, such as coin flips and dice games.

By exploiting the vulnerability, the hacker found a way to bet on the outcome of coin flip games, but never lose money.

“They bet without the opportunity to lose,” Igor Igamberdiev, a Seal 911 responder who worked with Caversaccio to confirm the bug, told DL News.

‘A historic moment’

“Everything happened within minutes,” Caversaccio told DL News.

The hacker had already swiped $25,000 from dice9win by the time the tip-off came through.

And with another $200,000 at risk in the same contract, the race was on to remove funds and patch the bug before the hacker could strike again.


Caversaccio said he and Igamberdiev confirmed the bug and contacted a team member at dice9win, who quickly withdrew funds from the vulnerable contract and deployed a patch.

He said the Seal 911 response helped prevent a $200,000 theft.

“It was a historic moment,” Caversaccio added. “We were able to prevent huge damage to a project that hadn’t officially launched.”

Set up in August, Seal 911 lets bug reporters open a direct line to over 30 crypto whitehats, auditors, and other security leaders. It works using an automated system that asks questions to those reporting bugs and forwards their answers to the team of security experts.

According to samczsun, head of security at Paradigm and one of Seal 911’s creators, the help desk is an “experimental solution” and tries to solve the hardest part of responsible bug disclosure: finding the right person to talk to.

The speed at which Seal 911 was able to connect the bug reporter to security experts was key to avoiding further losses.

Caversaccio said the event marks the first time the SEAL 911 team was able to stop hackers in their tracks.

‘The exploiters didn’t risk anything’

In an X post, Igamberdiev detailed the dice9win exploit, explaining that the exploiter deployed a malicious contract for each coin flip bet.

If the exploiter won the bet, the contracts would redirect money to their wallet. But if they lost, the malicious contract was able to revert the bet transaction.

Thanks to this revert, the state in dice9win’s contracts wasn’t updated, which left the bid in a pending state. The exploiter could then withdraw the wager on the pending bet eight hours later.

“The exploiters didn’t risk anything other than locking up capital for a short time, having the opportunity to steal money from the casino,” Igamberdiev said.
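A simplified Python model of the revert-on-loss pattern described above, added here as an illustration; it is not dice9win's contract code or its patch. It assumes the payout step runs bettor code inside the settling transaction, and the hardened branch (recording winnings for a later claim) is a standard pull-payment design chosen for this example; all names are hypothetical.

```python
import copy

REFUND_DELAY = 8 * 3600  # per the article: a pending wager is withdrawable after eight hours

class Revert(Exception):
    """Stands in for an EVM revert raised inside the bettor's contract."""

def revert_on_loss(won):
    # Constructed stand-in for the per-bet contract the article describes.
    if not won:
        raise Revert()

class Casino:
    def __init__(self, hardened):
        self.hardened = hardened
        self.bets = {}              # bet_id -> [wager, placed_at, status]
        self.paid = self.owed = 0   # sent to bettor / hardened: awaiting claim
    def place(self, bet_id, wager, now):
        self.bets[bet_id] = [wager, now, "pending"]
    def settle(self, bet_id, won, hook):
        before = copy.deepcopy((self.bets, self.paid, self.owed))
        bet = self.bets[bet_id]
        bet[2] = "won" if won else "lost"
        payout = 2 * bet[0] if won else 0
        if self.hardened:
            self.owed += payout     # outcome recorded; no bettor code runs here
            return
        try:
            self.paid += payout
            hook(won)               # bettor code runs inside the settling transaction
        except Revert:
            self.bets, self.paid, self.owed = before  # whole transaction is undone
    def claim(self):                # hardened: bettor pulls winnings separately
        self.paid, self.owed = self.paid + self.owed, 0
    def refund(self, bet_id, now):
        wager, placed_at, status = self.bets[bet_id]
        if status == "pending" and now - placed_at >= REFUND_DELAY:
            self.bets[bet_id][2] = "refunded"
            self.paid += wager

def bettor_net(hardened, outcomes, wager=10):
    """Net result for a bettor whose hook reverts on every losing outcome."""
    casino = Casino(hardened)
    for i, won in enumerate(outcomes):
        casino.place(i, wager, now=0)
        casino.settle(i, won, revert_on_loss)
    for i in range(len(outcomes)):
        casino.refund(i, now=REFUND_DELAY)
    casino.claim()
    return casino.paid - wager * len(outcomes)
```

In the unhardened model the bettor's net result can never go below zero, which is the "bet without the opportunity to lose" property; once settlement no longer depends on bettor code, losses stay settled and the refund path applies only to bets that were never resolved.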

Dice9win isn’t the only crypto betting platform to get hit by hackers in recent weeks. At the start of September, crypto casino Stake lost $41 million to hackers.

Stake co-founder Edward Craven told DL News that hackers did not compromise the password-like private keys that govern Stake’s wallets, but were able to make a series of unauthorised transactions.

According to the FBI National Press Office, the North Korean Lazarus Group was responsible for the Stake attack.

Have a tip on DeFi? Contact the author at tim@dlnews.com.