Aurora Labs pays $6 million reward to hacker who saved 70,000 ETH from getting stolen

Quick Take

  • Aurora Labs rewarded $6 million to a white hat hacker who reported a bug through Immunefi.
  • It said that the hacker detected a vulnerability that put over 70,000 ETH at risk.

Aurora, an Ethereum compatible blockchain on the NEAR Protocol, paid a $6 million bounty reward to an ethical hacker known as pwning.eth, who discovered a critical vulnerability on the network in April. 

The vulnerability was reported through the bug bounty platform Immunefi, and was patched before any hack took place or funds were lost. 

Per Immunefi, this was a critical inflation bug on Aurora Engine, an Ethereum Virtual Machine (EVM) environment built on the NEAR protocol. This is where users can deposit ETH and ERC-20 tokens from the Ethereum mainnet to NEAR.

That bug in the Aurora engine could have allowed a malicious entity to mint new ETH and drain more than 70,000 ETH, worth about $122 million currently and $210 million when the bug was reported.

"Our bug bounty program with Immunefi proved very valuable in incentivizing white hats to look at our code base and disclose bugs in a responsible manner," stated Frank Braun, head of security at Aurora Labs. "Such a vulnerability should have been discovered at an earlier stage of the defence pipeline and we have already started improving our methods to achieve that in the future. However this event ultimately proves that our security mechanisms work,” Braun added.

The bug bounty program from Aurora is still live on Immunefi, as well as many other programs. To date, Immunefi claims to have helped ethical hackers and security researchers earn $40 million in total rewards. In the month of May, Immunefi revealed that Wormhole paid out $10 million to a white hat hacker through its platform.


© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is a reporter who has covered the ins and outs of the tech industry for more than half a decade. Prior to joining The Block, Vishal worked for media firms like Crypto Briefing, IDG ComputerWorld and CIO.com. Follow him on Twitter @vishal4c.