HermesVault Retires After ALGO Exploit
HermesVault has been exploited for about 261,000 ALGO, with affected users set to receive full refunds after the privacy-focused Algorand project identified a flaw outside its zero-knowledge proof system.
The attacker withdrew the ALGO to 2PYF5VFHZYXR7NDXHEPVNJJ73FKTXKTQ3TAUH6ZIIEEL73MCTXUN4GQEL4. Using current ALGO market prices, the withdrawn amount was worth roughly $30,000. The dollar value is modest compared with larger DeFi exploits, but the incident is technically important because it hit a privacy tool built around zero-knowledge withdrawals on Algorand.
HermesVault lets users deposit ALGO into an application smart contract and later withdraw funds using a secret note, while keeping the original deposit source private. The project has now disabled deposits and retired the service after the exploit.
ZK Circuit Was Not The Failure Point
The root cause was not the zk circuit or proof system. The zk component behaved correctly; the flaw was a faulty guard against rekeying inside the verifier LogicSig. That weakness allowed the attacker to rekey the withdrawal verifier and use it to drain funds while bypassing the intended zk verification path.
That distinction matters for users assessing the failure. The exploit did not show that HermesVault’s zero-knowledge proof logic accepted invalid proofs. It showed that surrounding verifier controls can break the security model even when the proof system itself works as expected.
AlgoPlonk, the tooling used to generate Algorand zk verifiers, has been patched so generated verifiers guard against rekeying. The project’s broader tooling supports Algorand smart-contract and LogicSig verifiers, which made the verifier-control issue especially relevant for developers building similar zk applications on the network.
The incident fits a wider pattern across recent smart-contract security failures. Exploits often happen around control paths, verification wrappers, upgrade settings, initialization checks or signing logic rather than the headline cryptographic component itself. Recent ZK crypto risk coverage has already stressed that privacy systems can fail through surrounding metadata, implementation choices and operational assumptions, not only proof math.
Refunds Cover Most Of The Loss
HermesVault has already refunded 230,000 ALGO, leaving about 30,000 ALGO tied to remaining affected users. Anyone who lost funds from the remaining balance can contact info [at] hermesvault [dot] org for a full refund if they can prove control of the deposit address and knowledge of the secret note.
The recovery picture is stronger than many recent DeFi incidents because most funds have already been returned to users or reserved for reimbursement. That places HermesVault closer to a contained exploit-and-refund case than an open-ended loss event. A recent Adshares bridge refund showed a similar recovery-focused outcome after a larger incident moved back toward user protection.
HermesVault’s final status is now clear: deposits are disabled, the service is retired, AlgoPlonk has been patched, and affected users have a refund path for the remaining balance. The follow-up focus moves to whether any other Algorand verifier deployments used similar rekeying assumptions and whether developers using LogicSig-based zk verification need to regenerate or review their verifier code.
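For teams reviewing their own deployments, the following added example (not HermesVault or AlgoPlonk code) shows one way to flag rekey activity on a LogicSig verifier account from transaction records. Field names follow the Algorand Indexer transaction JSON; the monitored address, transaction ids and sample records are constructed placeholders.

```python
# Added example: flag rekey activity on LogicSig verifier accounts.
# Field names ("sender", "rekey-to", "auth-addr", "confirmed-round") follow
# the Algorand Indexer transaction JSON; all addresses and ids are constructed.

VERIFIER = "VERIFIER_LSIG_ADDR_PLACEHOLDER"  # hypothetical monitored account

SAMPLE_TXNS = [  # constructed records, not real chain data
    {"id": "TX1", "sender": VERIFIER, "confirmed-round": 100,
     "tx-type": "appl"},
    {"id": "TX2", "sender": VERIFIER, "confirmed-round": 101,
     "tx-type": "pay", "rekey-to": "OTHER_ADDR_PLACEHOLDER"},
    {"id": "TX3", "sender": VERIFIER, "confirmed-round": 102,
     "tx-type": "pay", "auth-addr": "OTHER_ADDR_PLACEHOLDER"},
    {"id": "TX4", "sender": "UNRELATED_ADDR_PLACEHOLDER", "confirmed-round": 103,
     "tx-type": "pay", "rekey-to": "SOMEONE_ELSE_PLACEHOLDER"},
]


def find_rekey_alerts(txns, monitored):
    """Return (txid, reason) alerts for monitored LogicSig accounts.

    A LogicSig account should only ever be authorised by its own program,
    so two things are alarming: a transaction that sets rekey-to, and any
    later transaction authorised by a different address (auth-addr).
    """
    alerts = []
    for txn in sorted(txns, key=lambda t: t["confirmed-round"]):
        sender = txn["sender"]
        if sender not in monitored:
            continue  # only accounts we are responsible for
        rekey_to = txn.get("rekey-to")  # omitted when no rekey is requested
        if rekey_to and rekey_to != sender:
            alerts.append((txn["id"], f"rekeyed to {rekey_to}"))
        auth = txn.get("auth-addr")  # set when a different key authorised it
        if auth and auth != sender:
            alerts.append((txn["id"], f"authorised by {auth}, not the LogicSig"))
    return alerts


if __name__ == "__main__":
    for txid, reason in find_rekey_alerts(SAMPLE_TXNS, {VERIFIER}):
        print(txid, reason)
```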



