Following the Fantom hack in October, a security researcher revealed that as much as $170 million could have been lost. In recognition of the researcher’s contribution, the organization awarded him a $1.7 million bounty.
Following an October breach that cost it $550,000, the Fantom Foundation, a non-profit organization that develops the Fantom blockchain platform, has patched a critical vulnerability.
A hot wallet breach compromised the Fantom Foundation on October 17, resulting in the unidentified assailant removing 1% of the organization’s funds.
As a result, the foundation ceased using several compromised wallets and reassigned them to a Fantom employee, classifying the incident as a “targeted attack.”
A November 20 blog post states that, in the aftermath of the incident, an unidentified security researcher discovered an additional potential danger associated with the breach and notified the Fantom Foundation.
A dormant admin token associated with Fantom’s ERC-20 FTM contract posed a potential vulnerability that could enable an adversary to mint a portion of Fantom tokens for use on Ethereum.
Per the Fantom Foundation, the disclosed vulnerability might have enabled the attacker to withdraw $170 million by using the wallet access. The organization stated that the potential loss was valued at the token price at the time of the breach, “though this estimate does not account for the inadequate liquidity of the market to absorb the tokens fully.”
The Fantom Foundation stated that the vulnerability was “rapidly mitigated.” In recognition of the researcher’s contribution, the organization awarded them $1.7 million. The announcement continued:
“The Fantom Foundation is dedicated to upholding the highest security standards for our platform, and we remain grateful for the security researchers who contribute to this effort.”
In the month since the Fantom Foundation lost a half-million to a breach, the Fantom token’s value has increased significantly. Since October 17, the token has increased by 82%, trading at $0.31 as of this writing, according to CoinGecko. The token has also increased by 78% annually, per the data.
Fantom is a blockchain protocol that began operation in late 2019 and facilitates the development and deployment of decentralized applications by its users.
Users can interact with the Fantom network using MetaMask, a prominent self-custodial cryptocurrency wallet, because the Fantom Foundation’s Opera is a permissionless blockchain compatible with the Ethereum Virtual Machine.
The recent $550,000 intrusion that compromised Fantom is not the first breach to affect the organization or its users. A significant Multichain bridge breach targeting Fantom in July 2023 caused the loss of cryptocurrencies valued at $126 million.
Subsequently, Andre Cronje, the creator of Fantom, asserted that the Fantom team was duped regarding the actual security status of Multichain, an application that ceased operations in mid-July 2023.