Wormhole, a crypto bridge, awarded a whopping $10 million to a white hat hacker who disclosed a flaw in its primary bridge contract on Ethereum in February. According to a statement by Immunefi, which teamed up with Wormhole to host its bug bounty programme, the individual goes by the alias Satya0x. Wormhole unveiled the scheme in February, soon after losing over $323 million in ETH to a hacker in one of the biggest DeFi protocol attacks to date. Soon after, it refilled its blockchain bridge, offering the attacker $10 million in exchange for the funds.
Wormhole’s bounty programme offers tiers of incentives based on the severity of the flaw. A “low” level smart contract flaw, for example, can earn up to $2,500, but a “critical” one can earn up to $10 million, the same amount that Satya0x was awarded. Immunefi noted:
“Wormhole is sending a clear message with this payout to the best, most talented whitehats on the planet that if they responsibly disclose security vulnerabilities to Wormhole, they’ll be well taken care of.”
Immunefi said that no user funds were lost prior to the flaw being discovered, since Wormhole was able to respond swiftly, validating and addressing the issue on February 24. Satya0x said in a statement issued by the crypto platform that the issues of blockchain security pose an “existential danger” to its survival. Satya0x remarked:
“I am proud to have played a role in mitigating a serious vulnerability and a systemic threat to the ecosystem.”
Satya0x also mentioned:
“If we fail to recognize and aggressively reduce systemic risk; if we fail to provide the transparency and tooling needed for users to make informed decisions; if we continue to condemn simple mistakes while praising Total Value Lost as the sole measure of success — we risk enabling the reemergence of the very power structures we seek to destroy.”
The problem stemmed from Wormhole’s ability to update its smart contracts. In essence, the flaw could have allowed a hacker to gain control of those contracts. Immunefi outlined the issue that led to the security vulnerability and how it was remedied in a blog post.