On Tuesday, the bridging and scaling solution for Ethereum (ETH), Aurora announced that it had paid a $6 million reward to the ethical hacker, pwning.eth, who discovered a critical vulnerability in the Aurora Engine. The vulnerability allegedly put more than $200 million in assets at risk. The bounty was paid in collaboration with Immunefi, a leading Web 3.0 bug bounty platform, with over $145 million in bounties available and over $45 million paid for bug reports.
April 26, Immunefi received a report from pwning.eth about a critical bug in the Aurora Engine that would have allowed infinite ETH minting in the Aurora Ethereum virtual machine, enough to drain and siphon the entire nested ETH (nETH) pool in NEAR . At the time of discovery, the pool contained more than 70,000 ETH valued at close to $200 million.
Mitchell Amador, Founder and CEO of Immunefi, said: “Hats off to Aurora and pwning.eth for the overall incredible processing of the report. The bug was fixed quickly, without users losing their funds.” Aurora had launched a bug bounty program with Immunefi just a week before discovering the security vulnerability. For his part, Frank Braun, head of security at Aurora Labs, commented: “We view the bug bounty program as the last step in a layered defense approach and will use this bug as a learning opportunity to improve previous steps such as internal reviews and external audits.”
Although arguably innovative, cross-chain communication protocols have been the main target of hackers in recent times. In February, one of the biggest decentralized finance hacks occurred when token bridge Wormhole lost over $321 million in digital assets after hackers exploited an infinite minting flaw between its ETH and ETH wrapped pool.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the full amount invested may be lost. The services or products offered are not aimed at or accessible to investors in Spain.