The hacker behind last month’s $12 million exploit of Cork Protocol has joined the debate amid a conflict between crypto security auditors.
Messages left on-chain from the hacker’s address appear to set the record straight on the root cause of the incident and to lament the chasing of influence by some auditors in the wake of such attacks.
The comments came in response to a post on Wednesday by Jack Sanford, CEO of security auditing firm Sherlock. Sanford accused competitors Spearbit and Cantina of missing the vulnerability and covering up the failure.
In the first message, the hacker states that “Sherlock missed it.” A few minutes later, they moved 4,530 ether, currently valued at $11.6 million, to a new address.
Discussion
On May 28, a16z-backed Cork Protocol announced a “security incident affecting the wstETH:weETH market” and a temporary suspension of all markets. A subsequent post-mortem report said, “The attacker exploited a vulnerability in the CorkHook’s access control, but the audit did not flag it.”
However, Sanford’s post points to the commit hashes cited in various auditors’ reports as evidence that the supposed vulnerability did not fall within their scope.
He then emphasizes that Cantina was unable to provide such a hash and that Spearbit has not made its report public despite being postponed.
The first message left by the hacker appears to offer a correction, saying that the “Uniswap hook is not an issue”, and pours cold water on the idea that the bug exists only in later versions of the code.
Dressing down
The attacker then continues with “a real big bomb” written in Estonian, appearing to contradict himself by stating “Sherlock didn’t miss it” and “There are many ways to take DS, not just Uniswap hooks.”
He said that all companies that missed the first bug are ones “you shouldn’t trust.”
Somewhat ironically, the hacker’s main beef appears to be with blockchain security companies that take advantage of the attention hacks bring.
Companies that “failed to detect real issues” in their ratings are said to include Dedaub, Three Sigma, Halborn, BlockSec, and more.
The hacker says that seeking promotion by releasing an analysis before the official post-mortem “is not recommended.”
In the final message, sent hours later, the hacker doubles down on the attack on auditing companies, saying, “Writing nonsense about bugs, promoting your brand, and profiting from the efforts of others.”
They call out Neville Grech of Dedaub in particular, criticizing him with the words “Advertise your brand by analyzing bugs that you can’t detect yourself.”
Causes of the Cork Protocol?
The content of these later messages suggests that the hacker may be a member of the security researcher community with an axe to grind. Others certainly seem to think so.
If so, it’s not the first time that suspicions have been raised about an established figure in the scene being a black hat. Earlier this year, prolific researcher Nick L. Franklin, who claimed that he “analysed all the major blockchain hacks,” was linked to the $50 million Radiant Capital hack.