Key Takeaways
- Aurora has paid out a $6 million bug bounty to a white hat hacker who warned it of a potential $330 million exploit.
- Immunefi, which coordinated the bounty and payout, says that the amount is the second-largest reward in crypto history.
- The Aurora payout is surpassed only by a $10 million bug bounty from Wormhole, which was paid out in May.
Aurora, a blockchain bridge project, has paid out the second-largest reward in crypto history after being informed of a vulnerability.
$330 Million In Losses Averted
A white hat hacker by the name of Pwning.eth discovered and notified Aurora of an exploit in the project’s Aurora Engine.
The Aurora Engine is an Ethereum Virtual Machine (EVM) built on the NEAR Protocol. It allows developers to develop and ship apps for both platforms, NEAR and Ethereum, at once.
Immunefi said in a statement that the bug concerned an infinite spending vulnerability that “might have been exploited to mint arbitrary ETH within the Aurora EVM at an exponential velocity.”
Immunefi estimates that Aurora could have lost up to 70,000 ETH ($130 million) plus $200 million in other assets through the exploit. No funds were lost, though, as the project quickly patched the bug.
Frank Braun, Head of Security at Aurora Labs, said that “such a vulnerability ought to have been found at an earlier stage of [our] protection pipeline.” However, he added that Immunefi’s bug bounty program has been “beneficial in incentivizing white hats to have a look at our code base and disclose bugs in an accountable method.”
Pwning.eth was awarded a $6 million bug bounty after alerting the project to the issue via Immunefi on April 26.
Bug Bounty Breaks Records
According to Immunefi, the $6 million reward paid by Aurora is the second-largest bounty ever delivered in crypto history.
Only one other bounty had a higher reward: a $10 million reward for the Solana bridge Wormhole that was paid out in May.
Immunefi is also offering a $10 million reward for the stablecoin project MakerDAO that has not yet been paid out, which would overtake today’s payout and make it the third-largest in history.
To date, Immunefi has paid out more than $40 million in bounties and averted more than $20 billion in hack damage.
DeFi and blockchain exploits can be catastrophic for protocols. Last week, digital synthetic assets creator Mirror Protocol suffered a $2 million hack that nearly destroyed the project altogether. It previously lost $90 million to a different vulnerability.
Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.