Aurora, the EVM built on the NEAR protocol, paid a whitehat hacker $6 million for reporting a critical vulnerability that could have resulted in a direct loss of 70k ETH and $200 million to Aurora. It is alleged to be the second-largest bounty payout in DeFi history.
On April 26, ethical security hacker pwning.eth reported the bug. Immunefi, a leading platform for Web 3.0 bug bounties, facilitated the payout.
The Ethereum bridging and scaling solution expressed gratitude, stating that this bug affects the complex integration logic of the NEAR and Aurora runtimes and that such a discovery would have been impossible without deep analysis from pwning.eth.
Frank Braun, Head of Security at Aurora Labs, stated that “such a vulnerability should have been discovered at an earlier stage of [our] defense pipeline.”
However, he added that Immunefi’s bug bounty program has been “valuable in incentivizing white hats to look at our code base and disclose bugs in a responsible manner.”
Immunefi has paid out over $45 million in bounties, including the largest one in DeFi history so far.
Mitchell Amador, founder and CEO at Immunefi, said, “Hats off to Aurora and pwning.eth for the flawless overall processing of the report. The bug was quickly patched, with no user funds lost.”