Dev loses $27M in Ethereum restaking giant Renzo, offers 10% bounty
A crypto developer is pleading for help and offering a bounty worth millions after accidentally sending $25 million of Renzo tokens to the wrong Ethereum address.
The dev sent 7,912 ezETH, a type of liquid restaking token worth over $3,400 apiece, to what is known as a Safe Module instead of a Safe. With funds now frozen, the developer is offering 10% — a $2.5 million reward — to anyone who can retrieve his funds.
The tokens went to an Ethereum contract address labeled ‘CoboSafeAccount.’ Despite having keys to that wallet, the dev’s particular token type and a bug in ERC-20 transaction handling prohibit recovery. That CoboSafeAccount now holds about $27 million in Renzo Restaked ETH (ezETH) — slightly higher than his initial deposit due to Monday’s rally in the price of ether (ETH).
Renzo is a liquid restaking protocol that interoperates with EigenLayer, a layer 2 on Ethereum. It allows users to gain access to Ethereum’s proof-of-stake yield by simply owning ezETH rather than actually staking ETH as a solo staker.
Renzo currently boasts $1.6 billion in total restaking value on its platform.
A bug in ERC-20 transaction handling?
A hacker who goes by “Dexaran” commented on the $27 million in frozen ezETH, saying the problem is a security issue with ERC-20 contracts that Ethereum developers have failed to fix since 2017. Specifically, Dexaran says ERC-20 transfer functions lack proper handling protocols.
It also lacks failsafe defaults and error-handling protocols that would have prevented errors like the one committed by the CoboSafeAccount owner.
Dexaran says he developed the ERC-223 standard, which adds allegedly superior transaction handling. He also engaged with Ethereum developers about ERC-223 with limited success.
The CoboSafeAccount owner confirmed that the contract had no transfer function.
Read more: Ethereum centralization is becoming a serious problem
Will a bounty bring Renzo to the rescue?
At this point, according to many comments on X, Renzo’s own developers are probably the only way for the beleaguered dev to recover his $27 million. Renzo, as owner of the ezETH contract, could update the contract to allow funds to be retrieved. However, that would require gaining the cooperation of devs responsible for a billion-dollar protocol.
Some commenters suggested offering Renzo the bounty while others offered to negotiate with Renzo or recommended putting social pressure on the team.
Some also suggested that the CoboSafeAccount owner could add himself as a delegate and use execTransaction to get the funds out if he controls the contract. That method does not yet seem successful.
The resolution of the issue is still pending. Renzo might decide to update their contract to give this developer a workaround to the bug in ERC-20 transaction handling. However, it is equally likely that the funds will be stuck forever.
Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.