File this one under "the audacity".
On March 17, blockchain security company BlockSec observed an attacker trying to exploit a vulnerability in the NFT lending project Paraspace. Although they had successfully identified a vulnerability that could have allowed them to steal 2,900 ETH (a bit over $5 million), their attempt to execute the hack failed because they didn't correctly estimate what it would cost them in gas fees.
After observing the attempt, BlockSec executed a whitehat rescue, where they successfully executed the same attack to remove the funds from Paraspace and secure them until they could return them to the project team.
Incredibly, the exploiter sent an on-chain message to BlockSec: "hey man, I am the one who made the contract you just copied, I couldn't make it work for a stupid gas estimation error. since I lost a lot of money trying to make it work, it would be cool to get at least some of them back... best of luck". Altogether, the would-be attacker spent around 0.7 ETH (~$1,200) on gas fees while trying to pull off the hack.