QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$100 000 USD
MARCH 2025
GLOBAL
ALKIMIYA
DESCRIPTION OF EVENTS
Alkimiya is a market protocol designed to trade on fundamental blockchain and macroeconomic metrics, rather than speculation or hype. It offers users the ability to create strategies around real economic indicators like blockspace demand, on-chain revenue, stablecoin supply, and more. These metrics are public, verifiable, and aim to be predictive of broader market trends.
At the core of Alkimiya is Forecast, its flagship product that transforms raw data into live, tradable markets. Forecast differs from typical binary prediction markets by offering continuous payoffs (more accurate predictions earn more), bounded risk (with caps and floors on outcomes), and a data-driven approach focused on measurable trends rather than volatile narratives like meme coins.
Users can trade on metrics such as BTC transaction fees, Ethereum base revenue, and USDC supply velocity, each supported by dedicated strategy handbooks. Launched in August 2024 and backed by top investors like Coinbase Ventures and Dragonfly, Alkimiya empowers traders, builders, and funds with tools to anticipate market movements through real-world data insights.
The root cause of the exploit in the SilicaPools contract lies in the unsafe downcasting of the shares variable from uint256 to uint128 within the collateralizedMint function. The attacker exploited this truncation vulnerability by minting a massive number of shares—specifically, 2^128 + 1. While the full 256-bit value was accepted by the function, the internal logic only stored the lower 128 bits, effectively recording just 1 share instead of the full amount.
The attacker orchestrated the exploit using a flash loan of 10 WBTC, and then minted the large share amount by supplying around 1.7 WBTC as collateral. The system processed the full value of shares for minting, but due to the cast to uint128, only 1 share was officially recorded in the contract's state. After this, the attacker cleverly transferred most of the minted shares (2^128 - 1) away, leaving behind just 2 shares.
Later, the attacker called the redeemShort() function. This function checked the internal state, which believed only 1 share had been minted (due to the cast error), but saw that the attacker held 2 shares. Believing the attacker had over 100% of the supply, the contract allowed them to redeem the full value of the short position—about 3.4 WBTC, which was double the initial collateral.
Attacker address: 0xF6ffBa5cbF285824000daC0B9431032169672B6e
Attacker’s contract: 0x80bf7db69556d9521c03461978b8fc731dbbd4e4
Attack transaction: 0x9b9a6dd05526a8a4b40e5e1a74a25df6ecccae6ee7bf045911ad89a1dd3f0814
Vulnerable contract: 0xf3f84ce038442ae4c4dcb6a8ca8bacd7f28c9bde
TenArmor has estimated the amount lost at $95.5k USD.
Upon detecting the exploit, the Alkimiya team acted swiftly by taking the affected systems offline, limiting the compromise to 1.14 WBTC. A known whitehat intervened to frontrun the malicious transaction, ensuring that all funds were ultimately recovered. The team expressed gratitude to @_SEAL_Org for their assistance, reaffirmed their commitment to decentralization and open-source development, and emphasized their determination to strengthen security while continuing to build an open financial system.
All compromised funds were recovered and no user funds were lost. Although 1.14 WBTC was initially compromised, a whitehat hacker successfully frontran the malicious transaction, returning the funds. The Alkimiya team contained the threat quickly, took affected systems offline, and reinforced their commitment to security and decentralization going forward.
"This weekend Alkimiya was attacked by as of yet unknown hacker. Don't worry, all funds are safe.
This was a sophisticated exploit which necessitated intimate knowledge of our stack. It is obvious that whoever is responsible spent considerable time studying our systems. We quickly took the relevant parts of the system offline, and only 1.14 WBTC was compromised before further damage. Fortunately, a known whitehat frontran the malicious transaction. We are glad to say all funds have been returned.
We also want to give our most sincere and heartfelt thanks to @_SEAL_Org for springing to our aid and all the info they have been able to provide.
We always knew there are risks to decentralization and open source development. We will not be abandoning our core principles. Instead, we will work hard to ensure our systems are secure, continue to work with others in the space to share ideas and best practices, and above all we will double down on building the new and open financial system.
There are a lot of bad actors in this space, but as a result of this experience we are even more convinced that there are more good ones than bad ones, and that together we win."
All compromised funds were recovered and no user funds were lost. Although 1.14 WBTC was initially compromised, a whitehat hacker successfully frontran the malicious transaction, returning the funds.
There remains an investigation into the identity of the attacker. The hacker remains unknown, and it’s clear they had intimate knowledge of Alkimiya’s system, suggesting a deeper breach of understanding or possible insider knowledge.
Root cause analysis, attacker identification, and long-term security hardening are still in progress.
Alkimiya, a protocol for trading on real blockchain and macroeconomic metrics, was recently targeted in a sophisticated exploit due to an unsafe type cast (from uint256 to uint128) in its SilicaPools contract. The attacker used a flash loan to exploit this truncation vulnerability, allowing them to mint and manipulate share records, ultimately redeeming more than their fair share of collateral. Although 1.14 WBTC (approx. $95.5K) was briefly compromised, a whitehat intervened to frontrun the malicious transaction, successfully recovering all funds. The Alkimiya team acted quickly to contain the issue, took affected systems offline, and is continuing its investigation into the attacker’s identity while reinforcing system security. No user funds were lost.
TenArmor - "Yesterday's attack involving #Alkimiya @alkimiya_io on #ETH resulted in an approximate loss of $95.5K." - Twitter/X (Aug 13)
Yoinked Attack Transaction - Etherscan (Aug 13)
Rotciv - "Origin attacker TX(reverted)" - Twitter/X (Aug 13)
Original Attack Transaction - Etherscan (Aug 13)
Alkimiya Hack Analysis - VeriChains Blog (Aug 13)
Leozayaat - "This weekend Alkimiya was attacked by as of yet unknown hacker. Don't worry, all funds are safe." - Twitter/X (Aug 13)
Alkimiya Twitter/X Account (Aug 13)
Alkimiya Homepage (Aug 13)
Introduction to Alkimiya - Alkimiya Documentation (Aug 13)
