$6M Bounty Paid to White Hat Hacker Likely Averts Sizable DeFi Hack

  • No user funds were lost or stolen before the loophole was discovered
  • Up to $200 million worth of Aurora users' funds could have been hacked if this bug wasn't fixed

It was almost the next market-moving DeFi hack. 

Aurora, an Ethereum Virtual Machine built on the NEAR Protocol, recently paid a $6 million reward to a so-called white hat hacker for identifying a key bug.

The hacker, known as pwning.eth, uncovered in April a critical vulnerability in Aurora's system, which could have jeopardized up to $200 million of funds. Virtual machines power smart contracts, or transactions executed in code on the blockchain without intermediaries, on Ethereum. Aurora paid the bounty through the Immunefi platform.

It marks one of the largest-ever known bounty payouts in DeFi (decentralized finance) history. Last month, crypto bridge Wormhole, which connects different blockchains, paid $10 million to an ethical security hacker who also discovered a bug through Immunefi's platform.

"Such a vulnerability should have been discovered at an earlier stage of the [defense] pipeline and we have already started improving our methods to achieve that in the future," Frank Braun, Aurora's head of security, said in a statement Tuesday.

Added Braun: "However this event ultimately proves that our security mechanisms work."

The bug was initially flagged via Immunefi, crucially, before any funds were stolen. Aurora's bounty program with Immunefi was launched in April 2022, with rewards ranging from $1,000 to $6 million, depending on severity.

Jonah Michaels, a spokesperson for Immunefi, told Blockworks that at a time of distrust in the markets, it's important more than ever for Web3 projects to show that they take security seriously.

On Immunefi's platform, security researchers review code and disclose vulnerabilities. Through its programs with DeFi projects, Immunefi said it paid over $40 million in bounties to friendly hackers, claiming to have prevented over $20 billion in potential damages.

Aurora's goal is to provide application developers the means to operate on Ethereum-compatible platforms under the governance of the decentralized Aurora DAO. Aurora's scaling solution is currently responsible for $373 million of NEAR's $786 million in total value locked, according to data provider DefiLlama.


  • Tiago Varzim


    Freelance Reporter

    Tiago Varzim is a journalist based in Portugal covering macroeconomics, financial markets and digital assets in the European Union. He works for key financial newspapers in Portugal. Tiago graduated from Escola Superior de Comunicação Social in Lisbon with a degree in journalism.