Reading time: ~2 m
The Wormhole crypto bridge paid out $10 million to a white hat hacker who revealed a bug in his main Ethereum bridge contract in February.
This person is known by the pseudonym satya0x, according to an announcement from Immunefi, which has partnered with Wormhole to host its bug-finding platform.
Wormhole announced the program back in February, shortly after losing nearly $323 million in ETH as a result of one of the largest deFi protocol exploits to date. Soon after, it added to its blockchain bridge, also offering the attacker $ 10 million if the funds are returned.
The Wormhole program offers a reward depending on how serious the threat is. For example, a “low”level smart contract error can bring someone up to $ 2500, and a “critical” error can lead to a prize of up to $ 10 million – exactly as much as was awarded to satya0x.
“Wormhole sends a clear message with this payout to the best, most talented white hats on the planet that if they responsibly uncover security vulnerabilities for Wormhole, they will be well taken care of,” Immunefi said.
Immunefi said user funds were not lost before the bug was reported, as Wormhole was able to respond quickly to it by checking and fixing the issue on the same day (Feb. 24).
In a statement released by the crypto platform, satya0x said that blockchain security concerns pose an “existential threat” to its future.
“I am proud to have played a role in addressing a serious vulnerability and systemic threat to the ecosystem,” satya0x said.
The error was related to Wormhole’s ability to update smart contracts. Essentially, this could potentially allow a hacker to gain control of these contracts. In a blog post, Immunefi detailed the issue that led to the security vulnerability and how to fix it.
Satya0x also said, “If we fail to recognize and aggressively reduce systemic risk; if we fail to provide the transparency and tools users need to make informed decisions; if we continue to condemn simple mistakes, praising the overall lost value as the only measure of success, we risk contributing to the revival of the very power structures that we seek to destroy.”
#Wormhole #paid #10mn #detected #error