Sunday, February 5, 2023
    HomeEthereumHacker Scoops Up $2 Million Bounty After Spotting Fatal Flaw In Ethereum...

    Hacker Scoops Up $2 Million Bounty After Spotting Fatal Flaw In Ethereum Rollup


    A hacker has made off with $2 million in bug bounty after discovering an alarming vulnerability with the Ethereum community. This bug may have been very dangerous if it had been discovered by black hat hackers who may have exploited the digital asset for billions of {dollars} value of ETH. As a substitute, a ‘gray hat’ hacker popularly often called Saurik knowledgeable the Ethereum crew of the vulnerability, netting himself a large reward in return.

    Discovering The Vulnerability On Ethereum

    Hacker Saurik had discovered the vulnerability on Optimism, an Ethereum layer 2 rollup resolution. The hacker himself published a report as to how he discovered the vulnerability on the answer. Trying via nano funds protocols on the rollup, he had discovered a vulnerability that might permit an attacker to withdraw unbridled a ‘nearly limitless’ quantity of ETH from the answer.

    Associated Studying | TA: Ethereum Overcome Hurdles, Why 100 SMA Is The Key

    It was just like the assault methodology deployed on common sensible contracts blockchain Solana that resulted within the $353 million hacks on Wormhole. Optimism, like Wormhole, mint what are often called “Wrapped Ether.”  Customers deposit their Ether on the sensible contract to mainly function collateral and they’re even these tokens that solely exist on Optimism’s community. They then use nano funds protocol to make transactions sooner and faster.

    Ethereum price chart from

    ETH recovers above $3,100 | Supply: ETHUSD on

    Saurik who’s famously identified for growing the Jailbroken iOS had confirmed the vulnerability. Nevertheless, as an alternative of exploiting the vulnerability for his personal private achieve, the self-styled gray hat hacker had reported it to the Optimism devs. In return, Saurik was rewarded with a $2 million bounty for his altruism, which has helped to make the community and layer 2 rollup safer for customers.

    Debunking Fashionable Rumors

    After information of the vulnerability and subsequent bounty fee broke, there have been rumors circulating relating to what an attacker may have finished with it in the event that they selected to not report it to the devs. The preferred of those has been that the attacker would have been capable of withdraw a limiteless quantity of ETH from the community. Whereas this has some advantage to it, it’s largely false.

    Firstly, the vulnerability exists on a layer 2 rollup resolution Optimism. Whereas the protocol exists on the ethereum community, it’s not the community itself. Because of this the vulnerability was localized to the protocol alone. So whereas an attacker would have been capable of exploit this to withdraw an ‘limitless’ quantity of ETH, they may solely withdraw the out there steadiness on the Optimism handle.

    Associated Studying | Will Ethereum Hit $7k This Year? Finder’s Panel Says Yes

    Nonetheless, it’s nonetheless no secret that the outcomes would have been devastating for customers of the layer 2 protocol if a black hat hacker had discovered the vulnerability. This occasion speaks volumes in regards to the usefulness of bug bounties. Whereas the rewards for these bounties could seem too giant at first, one should take into consideration what the choice could be if there was no incentive for hackers to come back ahead with their findings. White hat hackers little doubt assist to avoid wasting thousands and thousands, if not billions, of {dollars} yearly.

    Featured picture from Gagadget, chart from

    Source link

    Related articles


    Please enter your comment!
    Please enter your name here


    Latest posts