Aurora, an Ethereum compatible blockchain on the NEAR Protocol, paid a $6 million bounty reward to an ethical hacker known as pwning.eth, who discovered a critical vulnerability on the network in April.
The vulnerability was reported through the bug bounty platform Immunefi, and was patched before any hack took place or funds were lost.
Per Immunefi, this was a critical inflation bug on Aurora Engine, an Ethereum Virtual Machine (EVM) environment built on the NEAR protocol. This is where users can deposit ETH and ERC-20 tokens from the Ethereum mainnet to NEAR.
That bug in the Aurora engine could have allowed a malicious entity to mint new ETH and drain more than 70,000 ETH, worth $210 million when the bug was reported in April 2022.
"Our bug bounty program with Immunefi proved very valuable in incentivizing white hats to look at our code base and disclose bugs in a responsible manner," stated Frank Braun, head of security at Aurora Labs. "Such a vulnerability should have been discovered at an earlier stage of the defence pipeline and we have already started improving our methods to achieve that in the future. However this event ultimately proves that our security mechanisms work,” Braun added.
The bug bounty program from Aurora is still live on Immunefi, as well as many other programs. To date, Immunefi claims to have helped ethical hackers and security researchers earn $40 million in total rewards. In the month of May, Immunefi revealed that Wormhole paid out $10 million to a white hat hacker through its platform.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.