More than $200 million in user funds could have been at risk had the white hat exploited the vulnerability for personal gain instead of reporting it to the developers.
On Tuesday, Ethereum (ETH) bridging and scaling solution Aurora announced that it had paid a $6 million bounty to ethical security hacker pwning.eth, who discovered a critical vulnerability in the Aurora Engine. The vulnerability is said to have put more than $200 million worth of capital at risk. The bounty was paid in partnership with Immunefi, the leading Web 3.0 bug bounty platform, which has over $145 million in available bounties and over $45 million in payouts.
On April 26, Immunefi received a report from pwning.eth about a critical vulnerability in the Aurora Engine that would allow ETH to be minted indefinitely in the Aurora Ethereum Virtual Machine and then used to empty and exchange the corresponding nested ETH (nETH) pool on NEAR. At the time of discovery, the pool contained over 70,000 ETH worth at least $200 million.
Mitchell Amador, Founder and CEO of Immunefi, said: “Hats off to Aurora and pwning.eth for the overall flawless execution of the report. The bug was quickly fixed without losing users’ money.” Aurora launched a bug bounty program with Immunefi just a week before the vulnerability was discovered. Meanwhile, Frank Brown, Head of Security at Aurora Labs, commented, “We view the bug bounty program as the final step in a layered defense approach and will use this bug as a learning opportunity to improve earlier steps such as internal audits and external audits.”
Although cross-chain bridge protocols may be innovative, they have recently become a prime target for hackers. In February, one of the biggest decentralized finance hacks of all time took place when the Wormhole token bridge was stripped of more than $321 million in digital assets after hackers exploited an infinite-mint bug between its wrapped ETH and the ETH pool.