Wormhole has awarded $10 million to a white-hat hacker who reported a bug in its Ethereum core bridge contract. This is part of the bounty program announced in February after losing $323 million to an exploit.
The bug in question “was an scalable proxy implementation self-destruct bug that helped prevent a potential blockage of user funds.”
In the blog post announcing the payment, Immunefi explained everything about the vulnerability and how it fixed the issue.
Wormhole partnered with Immunefi for the bounty program, which offered rewards based on the level of potential impact. For example, a low-level bug will attract a reward of $2,500, while critical bugs could earn up to $10 million for anyone who discovers them.
Satya0x, an anonymous white-hat hacker, discovered the bug on February 24, and according to the announcement, the team immediately fixed the problem. This ensured that Wormhole didn’t lose any user funds, unlike the last exploit.
According to Immunefi,
Wormhole is sending a clear message with this payment to the best and most talented white hats on the planet that if they responsibly disclose security vulnerabilities at Wormhole, they will be well taken care of.
The announcement also shared statements from the hacker, who described blockchain security as an existential threat. He expressed his delight in helping to mitigate the effects of this serious vulnerability to the crypto ecosystem.
“If we fail to recognize and aggressively reduce systemic risk; if we fail to provide the transparency and tools necessary for users to make informed decisions; if we continue to condemn simple mistakes while praising total value lost as the only measure of success, we risk allowing the re-emergence of the very power structures we seek to destroy,” added satya0x.
Wormhole is a cross-chain protocol that links Ethereum and Solana networks. The bridge allows users to move assets between different blockchain networks by wrapping.
Crypto bridges are quite vulnerable to exploits. Less than 2 months ago, hackers exploited the Ronin Bridge to steal over $600 million from Axie Infinity. Wormhole itself was the victim of a hack that resulted in the loss of over $300 million.
