On Tuesday, Ethereum (ETH) bridging and scaling solution Aurora announced that it had paid a $6 million bounty to ethical security hacker pwning.eth who discovered a critical vulnerability in the Aurora Engine. The exploit allegedly compromised over $200 million in capital. The amount was paid in partnership with Immunefi, the leading Web 3.0 bug bounty platform, with $145+ million in bounty available and $45+ million in bounty paid out.

- Advertisement -

On April 26, Immunefi received a report from pwning.eth about a critical vulnerability in the Aurora Engine that would allow ETH to be minted indefinitely in the Aurora Ethereum virtual machine to drain and swap the corresponding nested pool of ETH (nETH) to NEAR. . At the time of discovery, the pool held over 70,000 ETH worth at least $200 million.

- Advertisement -

Mitchell Amador, founder and CEO of Immunefi, said: “Hats off to Aurora and pwning.eth for the flawless overall handling of the report. The bug was quickly fixed, without loss of users’ funds.” Just a week before the security vulnerability was discovered, Aurora launched a bug bounty program with Immunefi. In the meantime, Frank Brown, head of security at Aurora Labs, commented: “We view the bug bounty program as the final step in a layered defense approach and will use this bug as a learning opportunity to improve previous steps such as internal audits and external audits. audits.

- Advertisement -

Although internetworking protocols may be innovative, they have become a prime target for hackers in recent times. February saw one of the biggest decentralized finance hacks ever when the Wormhole token bridge was drained of more than $321 million in digital assets after hackers took advantage of an endless minting crash between its wrapped ETH and the ETH pool.