Aurora, an Ethereum bridging and scaling solution that runs on the NEAR Protocol, announced on June 7 that it had paid a reward valued at US$6 million to a whitehat hacker for finding a bug that could have resulted in the loss of up to US$330 million worth of users’ funds.
The bug was reported to Aurora on April 26 through ImmuneFi, a leading Web3 bug bounty platform. The hacker who found the bug has been identified only by their Ethereum domain name, pwning.eth.
Aurora has confirmed that this bug was patched before any user funds were lost.
Bug Would Have Allowed Attacker to Mint Infinite ETH
The bug was described by Aurora as an “inflation vulnerability”. If exploited, the bug would have allowed an attacker to mint an unlimited supply of artificial ETH, which they then could have used to completely drain the real ETH from Aurora’s bridge contract – over 70,000 ETH, valued at more than US$200 million.
Other assets with ETH pairs valued at around US$130 million also would have been at risk. In total, up to US$330 million of assets could have been stolen.
Fortunately for Aurora, the hacker decided to report the bug and claim the US$6 million reward, the largest offered by Aurora and the second-largest bug bounty paid in crypto history.
The Aurora payout follows a US$2 million bug bounty paid in February to a whitehat hacker who identified a vulnerability in Optimism, another Ethereum scaling solution, which if exploited would likewise have allowed an attacker to mint unlimited ETH.
Vulnerability Patched, Source Code Released
The vulnerability has since been patched on both the Aurora testnet and the mainnet, and the source code has been added to GitHub so external developers can confirm the bug no longer exists.
Aurora Labs, the organisation responsible for Aurora’s development, expressed disappointment that it allowed this bug to get into a mainnet release, but was happy the bug bounty program worked as intended:
Such a vulnerability should have been discovered at an earlier stage of the defence pipeline, and Aurora Labs has already started improving its methods to achieve that in the nearest future. However, this event ultimately proves that the ecosystem created around Aurora Labs’ security mechanisms actually works.
Aurora Labs statement
Bug bounty platform ImmuneFi says it has paid out more than US$40 million in bounties to date, which it claims have prevented over US$20 billion in potential damage from hacks.