Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » News » Aurora Pays Out $6M Bug Bounty to White Hat Hacker

Aurora Pays Out $6M Bug Bounty to White Hat Hacker

by

The reward is the second largest in crypto history, according to Immunefi.

Aurora Pays Out $6M Bug Bounty to White Hat Hacker
Shutterstock photo by Pavel Ignatov

Key Takeaways

  • Aurora has paid out a $6 million bug bounty to a white hat hacker who warned it of a possible $330 million exploit.
  • ImmuneFi, which coordinated the bounty and payout, says that the amount is the second largest reward in crypto history.
  • The Aurora payout is surpassed only by a $10 million bug bounty from Wormwhole, which was paid out in May.

Share this article

Aurora, a blockchain bridge project, has paid out the second-largest reward in crypto history after being informed of a vulnerability.

$330 Million In Losses Averted

A white hat hacker by the name of Pwning.eth discovered and notified Aurora of an exploit in the project’s Aurora Engine.

The Aurora Engine is an Ethereum Virtual Machine (EVM) built on the NEAR Protocol. It allows developers to develop and deliver apps for both platforms—NEAR and Ethereum—at once.

Immunefi said in an announcement that the bug concerned an infinite spending vulnerability that “could have been exploited to mint arbitrary ETH in the Aurora EVM at an exponential speed.”

Immunefi estimates that Aurora could have lost up to 70,000 ETH ($130 million) plus $200 million in other assets through the exploit. No funds were lost, though, as the project quickly patched the bug.

Frank Braun, Head of Security at Aurora Labs, stated that “such a vulnerability should have been discovered at an earlier stage of [our] defense pipeline.” However, he added that Immunefi’s bug bounty program has been “valuable in incentivizing white hats to look at our code base and disclose bugs in a responsible manner.”

Pwning.eth was awarded a $6 million bug bounty after alerting the project of the issue via Immunefi on April 26.

Bug Bounty Breaks Records

According to Immunefi, the $6 million reward paid by Aurora is the second-largest bounty ever delivered in crypto history.

Only one other bounty had a higher reward: a $10 million reward for the Solana bridge Wormhole that was paid out in May.

Immunefi is also offering a $10 million reward for the stablecoin project MakerDAO that has not yet been paid out, which could overtake today’s payout and make it the third-largest in history.

To date, Immunefi has paid out more than $40 million in bounties and averted north of $20 billion in hack damage.

DeFi and blockchain exploits can be catastrophic for protocols. Last week, digital synthetic assets creator Mirror Protocol suffered a $2 million hack that almost destroyed the project altogether. It previously lost $90 million to a different vulnerability.

Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies. 

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.