Aurora, an Ethereum Virtual Machine (EVM) compatible scaling and bridging solution built on top of the NEAR protocol blockchain network, has paid a $2 million bug bounty to two whitehat hackers who reported vulnerabilities on the platform back in June.
According to a blog post from ImmuneFi, a leading Web3 bug bounty platform that facilitated the transaction, the whitehat hackers will each receive $1 million in the platform's eponymous native token, streamed linearly over a year.
The vulnerabilities the hackers discovered related to Aurora's permissionless bridging functionality between the NEAR protocol and Ethereum. The first vulnerability was that the platform had another ERC-20 (fungible token standard) called NEP-141. This could potentially allow an attacker to create worthless NEAR tokens, bridge them to Aurora, and then use them to withdraw ETH from Aurora users' addresses.
The second error had to do with the burn function of the bridge. It could have allowed an attacker to create a "fake burn event" on Aurora, which could then be used to drain ETH from the protocol's reserve.
Both vulnerabilities were fixed with no loss of money for users, the blog post states. The first report on the vulnerabilities was written by DeFi security firm Halborn.
"We wish to thank the anonymous whitehat for doing a terrific job and responsibly disclosing such an important error. Great credit also to the Aurora team for responding quickly to the report and patching it," ImmuneFi said in the post.
Hacks are still a big problem among blockchain platforms
Not all cross-chain bridge platforms have been as lucky as Aurora in dealing with major vulnerabilities without losing money. Bridge protocols have lost over $1.4 billion to hackers so far in 2022, according to an August CNBC report.
The report finds that the endemic attacks on bridges are due in part to shoddy engineering. This was the case with Axie Infinity's Ronin Network hacks, and also with Harmony Horizon, Wormhole, and Nomad.
Meanwhile, bridges are not the only sector of the crypto market targeted by cyber criminals. The New York Times estimates that hackers stole over $2 billion from the crypto industry overall this year. The trend points to the need to study and regulate the space more closely, the report noted.