What Happened

FOOM Cash

$2.3M|Smart Contract Exploit|February 26, 2026

Incomplete Groth16 trusted setup: Phase 2 circuit-specific contribution was skipped during deployment, leaving gamma2 and delta2 set identically to the BN254 G2 generator default. This degenerate verification key allowed any attacker to forge withdrawal proofs for arbitrary nullifier hashes by computing proof.C = -vk_x via elliptic curve arithmetic. Copycat of the Veil Cash exploit from days earlier. $427K drained by malicious attacker on Base; $1.83M secured by white-hat hacker Duha and Decurity firm on Ethereum. Note: user-reported figure of $0.26M is incorrect; confirmed gross loss is $2.26M.

What Hindenrank Would Have Said

As of January 15, 2026

D+

Risk Score

61/100

“FOOM Cash earns D+ for risk — this privacy lottery protocol stacks two categories of existential risk. First: the Groth16 trusted setup is a single one-time ceremony whose failure cannot be patched and would make all proof verification trivially forgeable, draining 100% of user funds instantly. Second: the explicit Tornado Cash framing invites identical OFAC sanctions that trapped user funds and criminalized developers. Without a verifiable audit, with a silent team, and operating in a regulatorily hazardous space, FOOM Cash is not suitable for any non-speculative capital.”

Mechanism Novelty12/15

Interaction Severity14/20

Oracle Surface4/10

Documentation Quality9/10

Track Record4/15

Scale Exposure3/10

Regulatory Risk9/10

Protocol Vitality6/10

Grade Predicted This Failure

Flagged by dimensions: Mechanism Novelty, Interaction Severity, Documentation Quality, Regulatory Risk

One or more collapse scenarios directly matched the actual failure mode.

Top Risks Identified

1.Protocol's entire security model rests on a one-time Groth16 trusted setup ceremony — if Phase 2 circuit-specific contributions were skipped or corrupted, zkSNARK verification keys are degenerate and all proofs can be forged, enabling complete fund extraction
2.Protocol explicitly markets itself as 'upgraded Tornado Cash' — Tornado Cash was sanctioned by OFAC in August 2022; this direct framing invites identical regulatory action, with potential for contract address blacklisting, exchange delisting, and team prosecution
3.Despite claiming 'comprehensive third-party audit' on the website, no auditor name, audit date, or public report is discoverable — no verification that the critical trusted setup parameters were independently reviewed

Collapse Scenarios

zkSNARK Trusted Setup Compromise Enabling Proof Forgery

Elevated

Trigger

The Groth16 trusted setup was deployed with an incomplete Phase 2 ceremony — the circuit-specific contribution step was skipped, leaving gamma2 and delta2 set identically to the BN254 G2 generator default. This makes the verification key degenerate, allowing any nullifierHash to produce a valid-appearing proof without a corresponding deposit.

Cascade

Attacker or automated scanner checks the deployed verifier contract and detects gamma2 == delta2→The Groth16 soundness property is confirmed to be completely broken; any nullifier hash is withdrawable

Attacker computes forged proof.C = -vk_x for an arbitrary fresh nullifierHash via elliptic curve arithmetic→Forged proof appears mathematically valid to the verifier's pairing check — no secret knowledge required

Forged withdrawal proof submitted to the lottery contract on Base and Ethereum→Verifier accepts proof; nullifier marked as spent; full token value transferred to attacker's address

Attacker repeats for all remaining unspent nullifier hashes across both chains→100% of on-chain liquidity drained; no deposit was ever made by the attacker

Historical Precedent

Veil Cash (same Groth16 gamma2==delta2 flaw, same Circom/snarkJS stack, exploited days before FOOM Cash). Tornado Cash itself was not exploited via proof forgery because its trusted setup ceremony (1114 participants) was well-documented and completed properly.

OFAC Sanctions and Regulatory Shutdown

Moderate

Trigger

OFAC or equivalent regulator adds FOOM Cash smart contract addresses to the Specially Designated Nationals (SDN) list, as was done to Tornado Cash's smart contracts in August 2022. Given FOOM Cash's explicit positioning as 'upgraded Tornado Cash,' it is a direct candidate for identical enforcement.

Cascade

OFAC adds FOOM Cash smart contract addresses to SDN list→US persons prohibited from interacting with FOOM contracts; major front-ends and exchanges block FOOM

FOOM token delisted from centralized exchanges; Uniswap front-end blocks the token→FOOM token effectively untradeable on mainstream venues; market cap collapses to near zero

Relayer operators cease service to avoid regulatory liability→Users cannot withdraw from the lottery contract without revealing their deposit wallet address

Team members identified; potential criminal prosecution for operating sanctioned mixer→Protocol abandoned; user funds permanently trapped in sanctioned contracts with no recourse

Historical Precedent

Tornado Cash (OFAC sanctions August 2022): smart contract addresses added to SDN list; token collapsed; one developer arrested. Roman Storm prosecution (2023-2025): operating a mixer resulted in criminal charges. FOOM Cash's explicit Tornado Cash branding maximizes regulatory targeting risk.

See how today's protocols score

The same 8-dimension rubric applied to 672+ live protocols.

View Leaderboard All Backtests