Polkadot Is Safe…For Now• January 6, 2023 10:24 am • Comments
Back in June, a white hat hacker by the name of Pwning.eth discovered a massive bug in the Polkadot code…
The ethical hacker uncovered a critical vulnerability that would have allowed any malicious user, or attacker, to mint unlimited wrapped tokens—a representation of an asset held in escrow.
This particular vulnerability could have impacted three of Polkadot’s most popular parachains: Moonbeam, Acala, and the Astar Network.
Pwning.eth was awarded a cool $1 million for his efforts via the blockchain security firm Immunefi; however, this was not his first rodeo. Previously, the ethical hacker was awarded a $6 million bug bounty for uncovering potentially seismic failures on NEAR.
Despite saving Polkadot this time, there is no surefire guarantee that this will be the last major vulnerability spotted in Polkadot’s code…Or if the next vulnerability will be spotted in time…
Here’s more on the story:
Whitehat hackers acting ethically and getting rewarded.
This researcher got a $6m bounty reward from $AURORA / $NEAR in 2022 for saving 70,000 $ETH (worth $210m at the time) and now $1m reward from Moonbeam, Astar and Parity (Polkadot) saving $200m.https://t.co/YGUwgm1a0a
— Nagato (@NagatoDharma) January 6, 2023
A security researcher known as pwning.eth discovered and reported a software vulnerability that could have been exploited to steal up to $200 million from three Ethereum-compatible parachains on the Polkadot network.https://t.co/jZzq6y8gYd
— Optimisus (@Optimisus_media) January 6, 2023
The Block writes:
Moonbeam and Astar, which have active bug-bounty programs with Immunefi, awarded $1 million to the ethical hacker through Immunefi. Parity, developer of the Frontier Library, decided to contribute $250,000 toward the $1 million reward, despite not having a bug bounty with Immunefi.
Polkadot continues to trade flat and has since June. The findings from the security efforts, which have only recently been made public, have had little to no effect on DOT’s price action:
DOT has continued to trade within a range since June 2022.https://t.co/lDD0G2BBrN
— Vince Quill (@VinceQuill) January 6, 2023
Ethereum World News had more on Pwning.eth’s white hat exploits:
Pwning.eth has previously been rewarded for finding critical bugs in the past, such as in early 2022 when the white-hat hacker received a $6 million bounty for discovering a vulnerability in Aurora, an EVM (Ethereum Virtual Machine) compatible blockchain for NEAR Protocol, which saved approximately 70,000 ETH worth $210 million at the time.
Join the conversation!
We have no tolerance for comments containing violence, racism, profanity, vulgarity, doxing, or discourteous behavior. If a comment is spam, instead of replying to it please click the icon below and to the right of that comment. Thank you for partnering with us to maintain fruitful conversation.