A week later, security researcher Pascal Caversaccio was given a tip that enabled him and a group of fellow security researchers to stop a hacker in their tracks.
Seal 911, a cryptobug reporting helpdesk on Telegram, serves as a central point of contact for the group. With the help of Caversaccio and his fellow security researchers, Caversaccio and his fellow security researchers have become crypto hackers of sorts.
The tip alerted Seal 911 to a vulnerable smart contract in dice9win, a protocol that allows users to play games of chance, such as coin flips and dice games.
By exploiting the vulnerability, the hacker found a way to bet on the outcome of coin Flip games, but never lose money.
Igor Igamberdiev, a seal 911 responder who worked with Caversaccio to confirm the bug, told DL News.
By the time the tip off came through, the hacker had already swiped $25,000 from dice9win.
With another $200,000 worth of assets at risk in the same contract, the race was on to remove funds and patch the bug before the hacker could strike again.
Caversaccio said he was confident he and Igamberdiev confirmed the bug and contacted a team member at dice9win that quickly withdrew funds from the vulnerable contract and deployed a patch.
He said the response by seal 911 helped prevent a $200,000 theft.
Seal 911 has been established in August, allowing bug reporters to open a direct line to over 30 crypto whitehats, auditors, and other security leaders. It operates using an automation system that asks questions to those reporting bugs and forwards their answers to the team of security experts.
Samczsun, head of security at Paradigm and one of Seal 911 creators, said that the help desk was an 'experimental solution' and tries to solve the hardest part of responsible bug disclosure: finding the right person to talk to.
The speed at which Seal 911 was able to connect the bug reporter with security experts was crucial in preventing further losses.
Caversaccio said the event marks the first time the SEAL 911 team has been able to stop hackers in their tracks.
In an X post, Igamberdiev detailed the dice9win exploit, explaining that the exploiter used a malicious contract for each coin flip bet.
If the exploiter wins the bet, the contract would redirect the money to their wallet. If they lost the bet, the malicious contract could revert the bet transaction.
Thanks to this revert, the state in dice9win's contracts was not updated, leaving the bid in a pending state. The exploiter could then withdraw the wager on the pending bet eight hours later.
t risk anything other than locked up capital for a short time, having the opportunity to steal money from the casino, Igamberdiev said.
Crypto betting platform Dice9win has been hacked by hackers in the past few weeks. Crypto casino Stake lost $41 million to hackers at the start of September.
Stake co-founder Edward Craven told DL News that hackers did not breach the password-like private keys that govern Stake's wallets, but were able to make a series of unauthorised transactions.
The FBI National Press Office, which released a report, said the North Korean Lazarus Group was behind the Stake attack.
In a statement, the author said, contact Tim@dlnews.com.