{"id":29199,"date":"2022-06-07T21:35:46","date_gmt":"2022-06-08T01:35:46","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=29199"},"modified":"2022-06-07T21:35:58","modified_gmt":"2022-06-08T01:35:58","slug":"aurora-rewards-ethical-security-hacker-with-6m-bug-bounty","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/aurora-rewards-ethical-security-hacker-with-6m-bug-bounty\/","title":{"rendered":"Aurora rewards ethical security hacker with $6M bug bounty"},"content":{"rendered":"\n<h5 class=\"wp-block-heading\" id=\"h-aurora-an-ethereum-eth-bridge-and-scaling-solution-revealed-that-ethical-security-hacker-pwning-eth-had-identified-a-significant-vulnerability-in-the-aurora-engine-and-had-received-6-million-as-a-bug-bounty\">Aurora, an Ethereum (ETH) bridge and scaling solution, revealed that ethical security hacker pwning.eth had identified a significant vulnerability in the Aurora Engine and had received $6 million as a <a href=\"https:\/\/coinscreed.com\/staging\/sky-mavis-launches-1m-bug-bounty.html\" target=\"_blank\" rel=\"noreferrer noopener\">bug bounty<\/a>.<\/h5>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full is-resized\"><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/06\/image-55.png\" alt=\"Aurora rewards ethical security hacker with $6M bug bounty \" class=\"wp-image-29203\" width=\"814\" height=\"345\" srcset=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/06\/image-55.png 573w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/06\/image-55-300x127.png 300w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/06\/image-55-150x64.png 150w\" sizes=\"(max-width: 814px) 100vw, 814px\" \/><figcaption>Aurora rewards ethical security hacker with $6M bug bounty <\/figcaption><\/figure>\n\n\n\n<p>Over $200 million in capital is said to have been put at risk as a result of the scam. The payment was awarded in partnership with Immunefi, a major platform for Web 3.0 bug bounties, which has over $145 million in accessible bounties and has paid out over $45 million in bounties.<\/p>\n\n\n\n<p>On April 26, Immunefi received a complaint from pwning.eth concerning a significant weakness in the Aurora Engine that would have allowed the <a href=\"https:\/\/www.google.com\/search?q=Aurora+rewards+ethical+security+hacker+with+%246M+bug+bounty&rlz=1C1SQJL_enNG889NG889&oq=Aurora+rewards+ethical+security+hacker+with+%246M+bug+bounty&aqs=chrome..69i57.547j0j9&sourceid=chrome&ie=UTF-8\" target=\"_blank\" rel=\"noreferrer noopener\">Aurora Ethereum Virtual Machine <span class=\"wpil-link-icon\" title=\"Link goes to external site.\" style=\"margin: 0 0 0 5px;\"><svg width=\"24\" height=\"24\" style=\"height:16px; width:16px; fill:#000000; stroke:#000000; display:inline-block;\" viewBox=\"0 0 24 24\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" xmlns:svg=\"http:\/\/www.w3.org\/2000\/svg\"><g id=\"wpil-svg-outbound-7-icon-path\" fill=\"none\" clip-path=\"url(#clip0_31_188)\">\r\n                            <path d=\"M9.16724 14.8891L20.1672 3.88908\" stroke-linecap=\"round\"\/>\r\n                            <path d=\"M13.4497 3.53554L20.5208 3.53554L20.5208 10.6066\" stroke-linecap=\"round\" stroke-linejoin=\"round\"\/>\r\n                            <path d=\"M17.5 13.5L17.5 16.26C17.5 17.4179 17.5 17.9968 17.2675 18.4359C17.0799 18.7902 16.7902 19.0799 16.4359 19.2675C15.9968 19.5 15.4179 19.5 14.26 19.5L7.74 19.5C6.58213 19.5 6.0032 19.5 5.56414 19.2675C5.20983 19.0799 4.92007 18.7902 4.73247 18.4359C4.5 17.9968 4.5 17.4179 4.5 16.26L4.5 9.74C4.5 8.58213 4.5 8.0032 4.73247 7.56414C4.92007 7.20983 5.20982 6.92007 5.56414 6.73247C6.0032 6.5 6.58213 6.5 7.74 6.5L11 6.5\" stroke-linecap=\"round\"\/>\r\n                        <\/g>\r\n                        <defs>\r\n                            <clipPath id=\"clip0_31_188\">\r\n                                <rect fill=\"white\" height=\"24\" width=\"24\"\/>\r\n                            <\/clipPath>\r\n                        <\/defs><\/svg><\/span><\/a>to drain and suck the matching nested ETH (nETH) pool on NEAR, allowing for unlimited ETH minting. The pool had more than 70,000 ETH, worth at least $200 million, when it was discovered.<\/p>\n\n\n\n<p>&#8220;Hats off to Aurora and pwning.eth for the perfect overall processing of the report,&#8221; said Mitchell Amador, founder and CEO of Immunefi. The problem was swiftly fixed, and no user payments were lost as a result.&#8221;<\/p>\n\n\n\n<p>Aurora had just begun a bug bounty program with <a href=\"https:\/\/coinscreed.com\/staging\/crypto-focused-vc-firm-electric-capital-raises-1b-in-new-funding.html\" target=\"_blank\" rel=\"noreferrer noopener\">Immunefi <\/a>a week before the security flaw was discovered. Meanwhile, Frank Braun, Aurora Labs' head of security, said, &#8220;We regard the bug bounty program as the final step of a layered defense approach, and we will use this defect as a learning opportunity to enhance earlier phases, such as internal reviews and external audits.&#8221;<\/p>\n\n\n\n<p>Cross-chain communication protocols, while certainly creative, have recently become a prime target for <a href=\"https:\/\/coinscreed.com\/staging\/binance-seizes-5-8m-from-axie-infinity-hackers.html\" target=\"_blank\" rel=\"noreferrer noopener\">hackers<\/a>. In February, one of the greatest decentralized financial attacks happened when hackers exploited an indefinite minting flaw between the Wormhole token bridge and its wrapped ETH and ETH pool, draining the Wormhole token bridge of almost $321 million in digital assets.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Aurora, an Ethereum (ETH) bridge and scaling solution, revealed that ethical security hacker pwning.eth had identified a significant vulnerability in the Aurora Engine and had received $6 million as a bug bounty. Over $200 million in capital is said to have been put at risk as a result of the scam. The payment was awarded [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":29203,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[21],"tags":[],"class_list":["post-29199","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/06\/image-55.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/29199","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=29199"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/29199\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/29203"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=29199"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=29199"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=29199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}