Hack-Attack Ethermint

Ethermint Exploit Averted: How Developers Protected the Cosmos Ecosystem from an Eight-Figure Loss

Ethermint plays a crucial role in the Cosmos ecosystem, enabling Ethereum smart contracts across multiple chains such as Cronos, Kava, and Canto. Unfortunately, jump Crypto, a leading crypto trading firm, recently discovered a potentially devastating vulnerability. This vulnerability could have caused an impact of up to eight figures in U.S. dollars. 

However, thanks to the swift and collaborative actions of the Evmos Core Development team, Cronos team, and Jump Crypto, the exploit was successfully averted, ensuring the stability and security of the affected chains.

A Close Call: Ethermint Vulnerability Uncovered

The bug could have allowed attackers to bypass specific smart contract functions known as handlers. That would have led to transaction fee theft and denial of service for users within the Cosmos ecosystem. 

The root cause of the vulnerability was traced to improper handling of transactional messages in the Ethermint implementation, particularly the interaction between the MsgEthereumTx message and the MsgExec message.

Upon receiving the vulnerability report, the Evmos Core Development and Cronos teams immediately collaborated with Jump Crypto to address the issue. 

The implemented solution involved creating a patch to block transactions containing ‘MsgEthereumTx’ messages, eliminating the attack vector. This decisive and timely response ensured that no malicious exploitation occurred, preserving the stability and reliability of the affected chains.

Rewarding Responsible Disclosure: Jump Crypto’s Bounty

In recognition of Jump Crypto’s efforts in discovering and disclosing the vulnerability, the Cronos team awarded the firm a $25,000 bounty. This act highlights the importance of responsible disclosure and collaboration between different parties in the cryptocurrency industry to maintain the security and integrity of the ecosystem.

Understanding the Vulnerability: MsgEthereumTx and MsgExec Messages

The MsgExec message is utilized in the Cosmos SDK to enable authorized message execution. It allows one account to grant authorization to another account for specific actions. However, this feature was not correctly secured, enabling attackers to bypass the ‘EthGasConsumeDecorator,’ responsible for deducting gas fees from transactions.

The attacker could have exploited the vulnerability by embedding a MsgEthereumTx message within a MsgExec message, effectively bypassing the EthGasConsumeDecorator. That would have allowed the attacker to avoid paying gas fees for their transactions, leading to potential transaction fee theft and other negative consequences.

The successful prevention of the Ethermint exploit serves as a reminder of the importance of security, collaboration, and responsible disclosure in the rapidly evolving world of cryptocurrencies. 

Thanks to the combined efforts of the Evmos Core Development team, Cronos team, and Jump Crypto, a potentially catastrophic eight-figure loss was averted, safeguarding the Cosmos ecosystem and its users. This incident highlights the need for continued vigilance and cooperation among industry players to ensure the ongoing stability and growth of the cryptocurrency space.

JP Buntinx
JP Buntinx has been writing about cryptocurrency since 2012. His interest in crypto, blockchain, fintech, and finance allows him to cover a broad range of different topics.