WormHole, a Decentralized Finance (DeFi) bridge protocol, has paid out $10 million in Whitehat bounty.
As announced by ImmuneFi, the platform that helped organize the bounty program, the cash reward was paid out to a programmer known as satya0x as he was able to identify a bug that would have or resulting in the exploitation of the Wormhole Bridge.
“A whitehat who goes by the pseudonym satya0x responsibly disclosed a critical bug in the Wormhole core bridge contract on Ethereum. This bug was an upgradeable proxy implementation self-destruct bug that helped prevent a potential lockup of user funds,” ImmuneFi said in its update about the entire event.
DeFi protocols have been at the mercy of hackers recently, and Wormhole as a bridge has suffered a massive exploit that led to the loss of over $320 million.
Besides Wormhole, the Ronin Bridge, solely used by the Axie Infinity protocol, has also been exploited by what is suspected to be a group of North Korea-backed Lazarus Group. The Ronin hack drew $625 million away from the protocol, a sum that has notably impacted the bridge’s operations.
In a bid to wade off these attacks, the first required caution is to eliminate any inherent bugs that can be a gateway for cybercriminals. While bugs are notably ubiquitous and difficult to detect, the bug bounty organized by ImmuneFi on behalf of Wormhole has notably achieved its goal.
Immunefi said no funds were lost before the bug was flagged, verified, and fixed. The stakeholders involved believe related bug bounties of this nature with the whitehat community could help prevent many more attacks on DeFi protocols across the board.
“Wormhole paid satya0x a record bug bounty of $10 million for the find. It’s one thing to create a program with a really high top payout, but Wormhole has proven that they are very serious about paying top-dollar to help mitigate security issues in partnership with the whitehat community,” the ImmuneFi statement reads.
Image source: Shutterstock
Source: https://blockchain.news/news/wormhole-defi-bridge-rewards-$10m-bug-bounty