Second-largest Bug Bounty of $6M Paid to White Hacker by Aurora

• Pwning.eth, a white hat hacker, found and alerted Aurora to a vulnerability.
• The $10 million prize for the Solana bridge Wormhole warranted more attention.

After helping identify a vulnerability, Aurora, a blockchain bridge project, gave out the second-largest award in crypto history. Pwning.eth, a white hat hacker, found and alerted Aurora to a vulnerability in the Aurora Engine of the project.

The NEAR Protocol was used to construct the Aurora Engine, an Ethereum Virtual Machine. It enables developers to work on NEAR and Ethereum projects simultaneously. Hackers may have used this “infinite spending” flaw in the Aurora EVM to create arbitrary Ethereum at an exponential rate, according to Immunefi.

Much Needed Practise to Safeguard Against Hacks

As much as 70,000 ETH ($130 million) and $200 million in other assets might have been lost due to the attack, Immunefi believes. However, the project promptly fixed the error, so no money was lost.

Frank Braun, Head of Security at Aurora Labs, stated that “such a vulnerability should have been discovered at an earlier stage of [our] defense pipeline.” However, he added that Immunefi’s bug bounty program has been “valuable in incentivizing white hats to look at our code base and disclose bugs in a responsible manner.”

After reporting the flaw to Immunefi on April 26, Pwning.eth received a $6 million bug reward. Immunefi estimates that Aurora’s $6 million prize is the second-largest bounty ever handed out in crypto history. When it came to a bounty, only the $10 million prize for the Solana bridge Wormhole warranted more attention.

Averting more than $20 billion in hack damage, Immunefi has given out over $40 million in rewards so far. Protocols may be devastated by DeFi and blockchain vulnerabilities. Mirror Protocol, a company that creates digital synthetic assets, was recently the victim of a $2 million attack. It had already suffered a $90 million loss due to another flaw.