Summary
Veil Cash is a zero-knowledge privacy protocol deployed on Coinbase's Base L2 network, enabling anonymous ETH and USDC transfers via zk-SNARK proofs and a UTXO model. In February 2026 the protocol's legacy pools were exploited due to an incomplete Groth16 trusted-setup ceremony, resulting in 2.9 ETH being drained before funds were returned by the exploiter. The incident attracted industry attention because the same misconfiguration pattern was subsequently replicated in a larger $2.26 million exploit of FoomCash, raising broader questions about cryptographic setup hygiene across ZK DeFi protocols.
Timeline (10 events)
2024-01-01
Veil Cash protocol launches on Base L2 with zk-SNARK privacy pools for ETH and USDC.
2024-06-01
Coinbase EAS (Ethereum Attestation Service) integration introduced, allowing Coinbase-verified users auto-approval into verified pools.
2025-01-01
Pashov Audit Group completes a security review of Veil Cash smart contracts; the Groth16 verifier contract is explicitly listed out of scope.
2026-02-21
Attacker exploits the Groth16 verifier misconfiguration (delta == gamma) in Veil Cash's legacy Base pool, executing 29 fraudulent withdrawals and draining 2.9 ETH in a single transaction.
2026-02-21
DefimonAlerts (Decurity security firm) intervenes and rescues remaining pool funds from the legacy pools.
2026-02-21
Exploiter returns all drained funds unprompted at approximately 22:05 UTC; 100% of Veil Cash user funds recovered.
2026-02-22
Public proof-of-concept for the Veil Cash Groth16 exploit published on GitHub by researcher DK27ss. Rekt.news covers the incident as 'The Unfinished Proof'.
2026-02-22
Pashov Audit Group publicly confirms on X that the verifier was out of scope for their audit engagement.
2026-02-26
FoomCash suffers a $2.26 million exploit using the identical Groth16 misconfiguration pattern first publicly documented in the Veil Cash incident.
2026-03-01
CryptoTimes and Halborn publish post-mortems linking the FoomCash exploit directly to the Veil Cash incident as the originating template.
Decision Log
- hash: 6UbtxyB86cqgY2tWMFQaBCmVGroKPTeUkVapaH1iwxZz
- hash: 848Fxaa1iBMTjdcSyHJDKTrSjmazjTobdeNUZ3qfmqCt
- hash: FYiVNJqQoVU6vj17cmHKU8hrk7vTJvBoFxq3CZEdmwkv
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/4/2026, 2:54:13 AM
last updated: 6/3/2026, 3:18:30 AM
avoid.net — verified advice for a post-truth world