
‘Sherlock missed it’: Cork hacker slams audit firms in on-chain messages


The hacker behind last month’s $12 million exploit of Cork Protocol has weighed in on a debate between two squabbling crypto security audit firms.

Messages left on-chain from the hacker’s address appear to set the record straight concerning the root causes of the incident and lament the clout-chasing of some auditors in the wake of such attacks.

The comments came in response to a post made on Wednesday by Jack Sanford, CEO of security audit firm Sherlock. Sanford accuses rivals Spearbit and Cantina of missing the vulnerability and covering up their failures.

In the first message, the hacker states “sherlock missed it.” Minutes later, they moved 4,530 ether — currently valued at $11.6 million — to a new address.

The debate

On May 28, a16z-backed Cork Protocol announced a “security incident affecting the wstETH:weETH market” and a temporary pause of all markets. The post-mortem report that followed stated that “the attacker exploited an access control vulnerability in the Cork Hook, which none of our audits flagged.”

However, Sanford’s post points to the commit hashes submitted in various auditors’ reports as evidence that the supposed vulnerability didn’t fall within their scope.

He then highlights Cantina’s failure to provide such hashes and how Spearbit has yet to release its report publicly, despite it being overdue.

In the initial message left by the hacker, they seemingly correct the assumed root cause of the exploit, stating “uniswap hook is not problem,” pouring cold water on the idea that the bug was only present in later versions of the code.

The dressing-down

The attacker then followed up with “a really big bombshell,” written in Estonian, in which they appear to contradict themselves by stating that “Sherlock didn’t miss it,” and that “there are many ways to take DS, not just the Uniswap hook.”

He warns that all firms that missed the initial bug “should not be trusted.”

Somewhat ironically, the hacker’s main beef appears to be with blockchain security firms that capitalize on the attention brought by hacks.

Firms that “failed to detect the real problem” in their assessments allegedly include Dedaub, Three Sigma, Halborn, Blocksec, and many others.

The hacker says firms that seek promotion by releasing analysis before the official post-mortem “are not recommended.”

In a final message, sent hours later, the hacker doubles down on their attack on audit firms that “write nonsense about bugs to promote their brands and profit from the efforts of others.”

They call out Dedaub’s Neville Grech specifically, accusing him of “promoting your brands by analyzing bugs that you can’t detect yourself.”


The Cork Protocol culprit?

The content of these later messages suggests the hacker could be a member of the security researcher community with an axe to grind. Others certainly seem to think so.


If so, it wouldn’t be the first time suspicions have been raised about an established figure in the scene being a blackhat. Earlier this year, Nick L. Franklin, a prolific researcher who claimed to have “analyzed every major blockchain hack”, was linked to the $50 million Radiant Capital hack.
