Exclusive

Aurora Labs pays $6 million reward to hacker who saved 70,000 ETH from getting stolen

Quick Take

  • Aurora Labs paid a $6 million reward to a white hat hacker who reported a bug through Immunefi.
  • It said that the hacker detected a vulnerability that put over 70,000 ETH at risk.

Aurora, an Ethereum-compatible blockchain on the NEAR Protocol, paid a $6 million bounty reward to an ethical hacker known as pwning.eth, who discovered a critical vulnerability on the network in April.

The vulnerability was reported through the bug bounty platform Immunefi and was patched before any hack took place or funds were lost.

Per Immunefi, this was a critical inflation bug in Aurora Engine, an Ethereum Virtual Machine (EVM) environment built on the NEAR Protocol. Aurora Engine is where users can deposit ETH and ERC-20 tokens from the Ethereum mainnet to NEAR.

That bug in the Aurora Engine could have allowed a malicious entity to mint new ETH and drain more than 70,000 ETH, worth $210 million when the bug was reported in April 2022.

"Our bug bounty program with Immunefi proved very valuable in incentivizing white hats to look at our code base and disclose bugs in a responsible manner," stated Frank Braun, head of security at Aurora Labs. "Such a vulnerability should have been discovered at an earlier stage of the defence pipeline and we have already started improving our methods to achieve that in the future. However, this event ultimately proves that our security mechanisms work," Braun added.

The bug bounty program from Aurora is still live on Immunefi, as are many other programs. To date, Immunefi claims to have helped ethical hackers and security researchers earn $40 million in total rewards. In May, Immunefi revealed that Wormhole paid out $10 million to a white hat hacker through its platform.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]