The Wormhole inter-blockchain transfer protocol team has just paid a record $10 million bounty to a whitehat hacker. This follows the discovery of a critical flaw on February 24, which fortunately was fixed the same day and resulted in no loss of funds.
Wormhole rewards whitehat with record bounty
As part of its bounty program, Wormhole paid a record $10 million reward to a whitehat hacker operating under the alias satya0x.
To do so, Wormhole, a protocol for transferring funds from one blockchain to another, used the services of Immunefi, another protocol, which specializes in paying such bounties.
The critical flaw, the details of which have just been explained by Immunefi, was discovered on February 24. It affected the functionality used to upgrade Wormhole's smart contract. If the flaw had been exploited, a hacker could have taken control of the protocol by performing a series of specific actions.
Fortunately, none of this happened, and Wormhole took action the same day to make this worst-case scenario a thing of the past.
The hacker satya0x said he was pleased to have helped avert an event that could have shaken decentralized finance (DeFi) again through this bridge:
“I am proud to have played a role in mitigating a serious vulnerability and systemic threat to the ecosystem. I have great respect for the way the Wormhole team handled both the security response and the entire bounty process.”
Consistent measures for ecosystem stability
The bounty program, through which Wormhole invites every whitehat to report possible flaws, was put in place after the impressive $320 million hack on February 2. Whitehats (literally "white hats") are security hackers who offer their talents in exchange for rewards.
This work allows them to earn large sums of money in a completely legal way while building a valuable reputation in the ecosystem.
Depending on the severity of a vulnerability, bridge teams pay rewards ranging from $1,000 to $10 million to the person who discovered it. According to Immunefi, this is an effective strategy for increasing the resiliency of a protocol:
“Wormhole is sending a clear message with this payment to the best whitehats […] on the planet, if they responsibly disclose security vulnerabilities to Wormhole, they will be well taken care of.”
With Wormhole supporting 9 blockchains and holding $650 million in total value locked (TVL), it is easy to understand how important security must be, especially following the events the team faced earlier this year.