Wormhole has awarded $10 million to a white-hat hacker who reported a bug in its Ethereum core bridge contract. This is part of the bounty program announced in February after losing $323 million to an exploit.
The bug in question “was an upgradeable proxy implementation self-destruct bug that helped prevent a potential lockup of user funds.”
In the blog post announcing the payment, Immunefi explained everything about the vulnerability and how it fixed the issue.
Wormhole partnered with Immunefi for the bounty program, which offered rewards based on the potential level of impact. For example, a low-level bug will attract a $2,500 reward, while critical bugs could earn anyone who discovers them up to $10 million.
Satya0x, an anonymous white-hat hacker, discovered the bug on February 24, and according to the announcement, the team immediately fixed the problem. This ensured that Wormhole didn’t lose any user funds, unlike the last exploit.
According to Immunefi,
Wormhole is sending a clear message with this payout to the best, most talented white hats on the planet that if they responsibly disclose security vulnerabilities to Wormhole, they’ll be well taken care of.
The announcement also shared statements from the hacker, who described blockchain security as an existential threat. He expressed his delight in helping to mitigate the effects of this serious vulnerability to the crypto ecosystem.
“If we fail to recognize and aggressively reduce systemic risk; if we fail to provide the transparency and tooling needed for users to make informed decisions; if we continue to condemn simple mistakes while praising Total Value Lost as the sole measure of success — we risk enabling the reemergence of the very power structures we seek to destroy,” satya0x added.
Wormhole is a cross-chain protocol that links Ethereum and networks. The bridge allows users to move assets between different blockchain networks by wrapping.
Crypto bridges are quite vulnerable to exploits. Less than 2 months ago, hackers exploited the Ronin Bridge to over $600 million from Axie Infinity. Wormhole itself was a victim of a hack that resulted in the loss of over $300 million.
