A significant security breach has struck the FOOM Club ecosystem, with losses of approximately $1.8 million. The attack, which targeted the project’s lottery contract, was triggered by a technical flaw in the Groth16 verifier, leading to a massive drain of digital assets.
The Technical Root Cause
Security analysts at CertiK Alert identified the primary cause of the exploit as a critical misconfiguration within the Groth16 verifier. Specifically, the vulnerability stemmed from the verifier being configured with delta2 == gamma2 in the contract at address 0xc043865fb4d542e2bc5ed5ed9a2f0939965671a6.

This specific error allowed the exploiter to compute a manipulated ‘pC’ (proof calculation) value, effectively bypassing the intended security checks and pushing unauthorized withdrawals through the lottery contract.
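A pre-deployment check for the misconfiguration described above, as an added example that is not FOOM Club's or CertiK's code. It assumes the verification key is available as a JSON object with snarkjs-style field names (`vk_gamma_2`, `vk_delta_2`), which the article does not specify; the sample keys are constructed.

```javascript
// Groth16 accepts a proof (A, B, C) when
//   e(A, B) == e(alpha1, beta2) * e(vk_x, gamma2) * e(C, delta2)
// where vk_x encodes the public inputs and C is the element the article calls pC.
// If delta2 == gamma2 the last two pairings merge into e(vk_x + C, gamma2), so
// the public-input term is no longer separated from C and the proof stops
// binding the public inputs.

// Normalise a G2 point ([[x1, x0], [y1, y0], [z1, z0]] of decimal or 0x-hex
// strings) into one canonical string, so "0x0b" and "11" compare equal.
function canonG2(point, name) {
  if (!Array.isArray(point) || point.length < 2) {
    throw new Error(`${name}: expected an array of coordinate pairs`);
  }
  return point
    .map((pair) => {
      if (!Array.isArray(pair) || pair.length !== 2) {
        throw new Error(`${name}: malformed coordinate pair`);
      }
      return pair.map((v) => BigInt(v).toString()).join(",");
    })
    .join(";");
}

// Returns a list of findings; an empty list means this check passed.
function auditGroth16Key(vk) {
  const findings = [];
  for (const field of ["vk_gamma_2", "vk_delta_2"]) {
    if (!(field in vk)) findings.push(`missing ${field}`);
  }
  if (findings.length > 0) return findings;
  const gamma = canonG2(vk.vk_gamma_2, "vk_gamma_2");
  const delta = canonG2(vk.vk_delta_2, "vk_delta_2");
  if (gamma === delta) {
    findings.push("vk_delta_2 equals vk_gamma_2: proof does not bind public inputs");
  }
  return findings;
}

// Constructed sample keys (toy coordinates, not real curve points).
const G = [["11", "12"], ["13", "14"], ["1", "0"]];
const badKey = { vk_gamma_2: G, vk_delta_2: [["0xb", "0xc"], ["0xd", "0xe"], ["1", "0"]] };
const goodKey = { vk_gamma_2: G, vk_delta_2: [["21", "22"], ["23", "24"], ["1", "0"]] };

console.log(auditGroth16Key(badKey));  // one finding
console.log(auditGroth16Key(goodKey)); // no findings
```

Running a check like this in CI against the key that the on-chain verifier is generated from turns the misconfiguration into a build failure before deployment.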
Breakdown of the Attack
The breach was first flagged by CertiK Alert, which detected suspicious transactions on the Base network. The timeline and flow of the attack revealed the following details:
- Attacker Funding: The address responsible for the exploit was initially funded via Binance on the Base network.
- Malicious Deployment: The attacker deployed a specialized contract to extract assets from “Foom Club: FOOM.Cash”.
- Asset Drain: A total of 4,588,196,709,531 $FOOM tokens were extracted during the initial phase of the incident.
- Impacted Accounts: Amidst the exploit, it was noted that the @foomclub account on X had been suspended.
Whitehat Rescue Efforts
Following the detection of the exploit, on-chain data indicated a potential “whitehat rescue” operation. According to Beosin Alert, a significant portion of the funds was transferred to the address whitehat-rescue.eth.
Etherscan transaction records timestamped Feb-26-2026 07:39:11 AM UTC confirm multiple high-value transfers from the FOOM Lottery contract to the rescue address. These transfers included batches of several billion $FOOM tokens, valued at hundreds of thousands of dollars each, intended to secure the remaining treasury from further malicious drainage.
Current Status and Market Impact
The total value lost or moved during the event is estimated at $1,822,676.34. While the whitehat intervention may recover a portion of these assets, the incident highlights the persistent risks associated with Zero-Knowledge (ZK) proof configurations in decentralized applications.
Investors are urged to remain cautious as the FOOM team and security firms continue to analyze the extent of the damage. This event serves as a stark reminder that even mathematically “proven” systems like Groth16 can fail if parameters are misconfigured. This incident follows a worrying trend of DeFi vulnerabilities, much like the recent Holdstation security breach where hundreds of thousands in USDT were confirmed stolen due to protocol exploits.








