Aurora Pays Out $6m Bug Bounty To White Hat Hacker

Key Takeaways

  • Aurora has paid out a $6 million bug bounty to a white hat hacker who warned it of a attainable $330 million exploit.
  • ImmuneFi, which coordinated the bounty and payout, says that the quantity is the second largest reward in crypto historical past.
  • The Aurora payout is surpassed solely by a $10 million bug bounty from Wormwhole, which was paid out in Might.

Share this text

Aurora, a blockchain bridge venture, has paid out the second-largest reward in crypto historical past after being knowledgeable of a vulnerability.

$330 Million In Losses Averted

A white hat hacker by the identify of Pwning.eth found and notified Aurora of an exploit within the venture’s Aurora Engine.

The Aurora Engine is an Ethereum Digital Machine (EVM) constructed on the NEAR Protocol. It permits builders to develop and ship apps for each platforms—NEAR and Ethereum—directly.

Immunefi stated in an announcement that the bug involved an infinite spending vulnerability that “might have been exploited to mint arbitrary ETH within the Aurora EVM at an exponential velocity.”

Immunefi estimates that Aurora might have misplaced as much as 70,000 ETH ($130 million) plus $200 million in different property by means of the exploit. No funds had been misplaced, although, because the venture rapidly patched the bug.

Frank Braun, Head of Safety at Aurora Labs, acknowledged that “such a vulnerability ought to have been found at an earlier stage of [our] protection pipeline.” Nonetheless, he added that Immunefi’s bug bounty program has been “helpful in incentivizing white hats to take a look at our code base and disclose bugs in a accountable method.”

Pwning.eth was awarded a $6 million bug bounty after alerting the venture of the difficulty by way of Immunefi on April 26.

Bug Bounty Breaks Information

In line with Immunefi, the $6 million reward paid by Aurora is the second-largest bounty ever delivered in crypto historical past.

Just one different bounty had a better reward: a $10 million reward for the Solana bridge Wormhole that was paid out in May.

Immunefi can be providing a $10 million reward for the stablecoin venture MakerDAO that has not but been paid out, which might overtake at the moment’s payout and make it the third-largest in historical past.

Thus far, Immunefi has paid out greater than $40 million in bounties and averted north of $20 billion in hack harm.

DeFi and blockchain exploits may be catastrophic for protocols. Final week, digital artificial property creator Mirror Protocol suffered a $2 million hack that nearly destroyed the venture altogether. It beforehand misplaced $90 million to a distinct vulnerability.

Disclosure: On the time of writing, the writer of this piece owned ETH and several other different cryptocurrencies. 

Share this text

Leave a Comment

Your email address will not be published.