Danger averted for Polkadot, the flagship project of the Web3 Foundation, co-founded by Gavin Wood, one of the original co-founders of Ethereum and former CTO of the Ethereum Foundation.
Apparently, the Immunefi researcher known as Pwning.eth recently helped three Polkadot parachains avoid a potential attack. Indeed, he discovered a critical vulnerability on the networks in time, for which those responsible did not hesitate to reward him.
Polkadot and the possible attack: here’s what happened
As anticipated, a $200 million loss was narrowly avoided for the prestigious Polkadot blockchain. In fact, thanks to the vigilance of security researcher Pwning.eth, Polkadot-based networks were able to avoid a possible attack.
The news was confirmed by The Block in a tweet on 6 January, which read:
Immunefi researcher saves $200 million from potential theft on three Polkadot parachainshttps://t.co/FUr567wVri
— The Block (@TheBlock__) January 6, 2023
Specifically, the three Ethereum-compatible parachains on Polkadot that were about to be stolen are: Moonbeam, Astar Network, and Acala. The researcher found and reported the critical vulnerability in June in software called Frontier that is used to “pack” native tokens on the three blockchain (or parachain) projects on the Polkadot network.
The report was presented on 27 June on the cryptocurrency-focused bug-hunting platform Immunefi, but was only recently disclosed. A representative of Immunefi said on the matter:
“Pwning.eth found a bug that impacted the entire Polkadot ecosystem and would allow hackers to steal over $200 million across Moonbeam, Astar Network and Acala. They were all vulnerable to a bug that could have allowed attackers to mint encapsulated native tokens.”
In this case, wrapping is the process of converting native blockchain crypto assets into tokens that can be more readily supported by apps. It is done with the use of a smart contract, which holds the native tokens in escrow and releases the wrapped tokens to the user.
The vulnerability on the three chains could have been exploited to mint unlimited wrapped tokens, including Wrapped Astar (WASTR) on Astar, Wrapped Moonbeam (WGLMR) on Moonbeam, and Wrapped Moonriver (WMOVR) on Moonriver, a sister network of Moonbeam.
The reward for the Pwning.eth researcher: $1 million
It was estimated that the value of the resources exposed to the vulnerability for Polkadot was about $200 million across the three parachains, Immunefi said. After the vulnerability was reported, the three parachain teams worked to fix it and released an emergency patch before any malicious parties could exploit it. No funds were lost.
Moonbeam and Astar, which have active bug-bounty programs with Immunefi, awarded $1 million to the ethical hacker through Immunefi. Parity, developer of Frontier Library, decided to contribute $250,000 to the $1 million reward, despite not having a bug bounty with Immunefi.
Pwning.eth is no stranger to finding critical bugs and being awarded large sums. In fact, in early 2022, the hacker was rewarded with a $6 million bounty after discovering a vulnerability in Aurora, an EVM-compatible blockchain for the NEAR protocol, saving about 70,000 ETH worth $200 million at the time.
If the vulnerability on Polkadot’s three parachains had not been discovered in time, a significant problem would have arisen. In fact, hackers would have been able to use it to mint an unlimited number of wrapped tokens. Anyway, once Pwning.eth reported the bug, the three parachain teams fixed it and then released an emergency patch, preventing any loss of funds.
Will Polkadot be the blockchain driving Web3?
Polkadot, among other things, is a Web3 project that aims to develop IT infrastructure for a decentralized web, at the center of which, along with other projects, will be blockchain.
Recently, Bill Noble, an experienced Wall Street tech analyst, spoke of an inevitable “crypto spring.” Which is to say, a very close crypto market recovery, with Web3 as the next Internet, led by Polkadot and Ethereum.
Noble appears to be bullish on Ethereum as the backbone of Web3. Indeed, he argued that bear markets are the best times to study and learn, because it is in these phases that the market decides who will win and who, on the other hand, will lose. According to him, Web3 will be the next Internet, led by Ethereum and Polkadot.
Source: https://en.cryptonomist.ch/2023/01/09/major-loss-avoided-for-polkadot/