Scaling Ethereum Solution Aurora Pays Hackers a $2 Million Bug Bounty
A $2 million bug bounty has been paid out to two whitehat hackers who discovered vulnerabilities in Aurora, an Ethereum Virtual Machine (EVM) compatible scaling and bridging solution built on top of the NEAR Protocol blockchain network. The vulnerabilities were discovered back in June.
The whitehat hackers will each earn $1 million of ImmuneFi's platform-named native token, streamed linearly over a year, according to a blog post from the major Web3 bug bounty site that arranged the deal.
The vulnerabilities the hackers found affected the permissionless bridging capabilities that Aurora provides between the NEAR Protocol and Ethereum. The first vulnerability concerned the platform's use of a separate ERC-20 (fungible token standard) called NEP-141. An attacker might have been able to exploit it to produce worthless NEAR tokens, bridge them to Aurora, and then use those tokens to withdraw ETH from Aurora users' addresses.
The bridge's burn feature was the subject of the second bug. An attacker might have fabricated a "fake burn event" on Aurora and utilized it to extract ETH from the protocol's reserve.
According to the blog post, both vulnerabilities have been addressed without costing consumers any money. DeFi security firm Halborn published the initial information on the flaws.
"We want to express our gratitude to the anonymous whitehat for doing an outstanding job and appropriately reporting such a critical bug. Also deserving of praise is the Aurora team's prompt response to the issue and patching," ImmuneFi stated in the post.
Hacks remain a serious issue for blockchain platforms.
Not all cross-bridge blockchain platforms have had the same good fortune as Aurora in managing significant vulnerabilities without suffering financial losses. Bridge protocols have already lost over $1.4 billion to hackers in 2022, according to a CNBC story from August.
The report notes that shoddy engineering is partially to blame for the frequent attacks on bridges. The breaches of Axie Infinity's Ronin Network, Harmony Horizon, Wormhole, and Nomad all involved this.
Bridges are not the only area of the cryptocurrency market being targeted by fraudsters, though. According to the New York Times, hackers have taken more than $2 billion in total this year from the cryptocurrency sector. The report said the trend points to the need for more thorough investigation and management of the area.