Aurora's devs implied that the loophole should have been identified earlier.
On June 7, Aurora, a DeFi-based decentralized application ecosystem based on third-generation blockchain technology, stated that it awarded an ethical security hacker dubbed pwning.eth $6 million. According to Aurora, this was the second-highest bug bounty that was ever paid in history.
The bug bounty was paid through the partnership with Web3's leading bug bounty platform named Immunefi.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is a Crypto Wallet? (Explained With Animation)
The “white hat” hacker revealed the critical vulnerability in the Aurora Engine way back in April. According to pwning.eth, this bug might have cost the ETH scaling solution more than $200M of its funds. Moreover, the vulnerability could have been exploited by various hackers to infinitely mint Ethereum (ETH) in the Aurora Ethereum Virtual Machine. In fact, the nested ETH pool reportedly had more than 70K ETH.
CEO and founder of Immunefi Mitchell Amador praised Aurora and the “white hat” hacker for such a fast response as no user funds were lost. On top of that, Frank Braun, the Head of Security at Aurora Labs, added that the ETH scaling solution would investigate the bug bounty initiative “as the last step in a layered defense approach and will use this bug as a learning opportunity to improve earlier steps, like internal reviews and external audits.”
The bug bounty initiative was fired up by Aurora in partnership with Immunefi precisely one week before the issue was identified. Immunefi also reported that it managed to successfully prevent more than $20B in potential damages. Communication Leads at Immunefi Jonah Micheals added:
“At a time of distrust in the markets, it’s important more than ever for Web3 projects to show that they take security seriously.”
Immunefi has supposedly paid out more than $40M in bug bounties and has over $145M bounties available.
Earlier this year, after suffering from a massive hack, Sky Mavis asked “white hat” hackers to identify any possible security vulnerabilities that may be present.
In other news, Aurora and Proximity labs launched a $90 million fund to boost DeFi development on the Near protocol.