Ongoing Attack on ETH’s Alarm Clock Identified, At Least 200 ETH Stolen
Image courtesy of 123rf.

Ongoing Attack on ETH’s Alarm Clock Identified, At Least 200 ETH Stolen

An ongoing series of exploits targeting the Ethereum Alarm Clock has allegedly already stolen 204 ETH in gas fees.
Neither the author, Tim Fries, nor this website, The Tokenist, provide financial advice. Please consult our website policy prior to making financial decisions.

Earlier on the 19th, PeckShield reported they’ve identified an exploit that enables the attacker to rob a transaction owner by canceling the transaction and gaming the transaction fee. At least 24 addresses have attempted to use the exploit.

The ETH Gas Fee Exploit Explained

TransactionRequestCore, the contract at the heart of the exploit, is four years old, while the other abused feature called the Ethereum Alarm Clock smart contract is even more aged—it is seven. The Alarm Clock contains ETH transactions scheduled to take place at a point in the future. 

Allegedly, the exploit is executed by calling a cancel function on an Alarm Clock contract with an unusually high gas fee. Subsequently, the transaction fee is calculated too high leading to the exploiter being able to pocket the difference. Since 51% of the profits are paid out to the miners, it is speculated that the attacks somehow use MEV. MEV is a process of extracting value by reordering transactions while a block is still being built. 

Another company, Supremacy Inc. went into a bit more detail on how the cancel function is getting exploited:

The cancel function calculates the Transaction Fee (gas used * gas price) to be spent with the “gas used” over 85000 and transfers it to the caller. But in fact, the hacker does not need to use more than 85000 gas, only 70355 is enough, the actual tx fee paid < the Transaction Fee returned by the cancel function, where the difference is the hacker profit.

Join our Telegram group and never miss a breaking digital asset story.

Gas Fee Exploits Identified so Far

The first recorded attack led an Ethereum user to lose 121 ETH in gas fees—around $158,000. Allegedly, this first attack is connected to a validator associated with the staking protocol Lido. On the other hand, PeckShield, which later confirmed 24 more attempted exports clarified that none of them appear associated with Lido in any way. 

These exploits come toward the tail end of a very busy month for crypto hacks. In a span of just a few days, both Mango Markets and the BNB chain suffered attacks that led to millions in losses. More recently, Moola Markets suffered an exploit leading to an $8.4 loss although Moola reportedly quickly negotiated the return of much of the funds.

The last update from Supremacy Inc. indicated that 204 ETH has been stolen in the attacks.

Finance is changing.
Learn how, with Five Minute Finance.
A weekly newsletter that covers the big trends in FinTech and Decentralized Finance.

How much ETH will the attacks take before the exploit is patched? Let us know what you think in the comments below.