Thursday, March 5, 2026

$2.26 million. Gone in a flash of math.

FoomCash billed itself as a “ZKProof-powered private lottery protocol”, a system where zero-knowledge proofs ensured withdrawals couldn’t be faked.

The project positioned itself as an upgrade to the sanctioned Tornado Cash mixer, touting higher daily transaction volumes, over $8 million in liquidity, and annual returns of 50–80% for liquidity providers.

One omitted cryptographic step erased that promise entirely.

The Groth16 verifier deployed on both Ethereum and Base had set two critical constants - gamma and delta - to the same elliptic curve point, collapsing the entire soundness guarantee of the zk proof system.

No deposit required. No valid witness needed. Just math, iterated by a script, against a verifier that had been broken from day one.

What followed wasn't a sophisticated attack. It was arithmetic.

BlockSec Phalcon flagged it as a copycat of a near-identical exploit on Veil Cash, a smaller Base-network privacy protocol drained just days earlier for 2.9 ETH.

Someone pointed the same technique at a larger target and walked away with $320K, legitimately, as it turned out.

Because FoomCash had posted a public bounty challenge on Bitcointalk with one rule: THE ONLY RULE IS CODE.

A separate actor drained the Ethereum side in a claimed rescue, later confirmed as Decurity.

The team had been silent since approximately November 2025 before any of this happened.

When your privacy protocol's entire guarantee is 'math can't lie', what happens when the math was always wrong?

Read more »

We provide an anonymous platform for whistleblowers and DeFi detectives to present their information to the community. All authors remain anonymous. 
We are all rekt.