
    Wormhole has announced a $10 million bug bounty payout

    01 June 14:22


    Wormhole rewards a white-hat hacker with $10 million for identifying and reporting a bug in its cross-chain bridge.

    After a $323 million hack, the crypto bridge established a bug bounty program in February.

    The hacker, whose pseudonym is satya0x, commented that blockchain security issues represent an “existential threat” to the technology’s future.

    Wormhole’s bounty reward program pays according to the level of risk discovered by the hacker.


    A Remarkable Act Rewarded


    Wormhole has paid out $10 million to a hacker who revealed a security weakness in its Ethereum core bridge contract in February, according to its bug bounty partner Immunefi. The reward went to a white-hat hacker with the pseudonym satya0x, who discovered and reported the flaw, which he described as an “upgradeable proxy implementation self-destruct bug.”

    Wormhole revealed the initiative in February, just days after losing over $323 million in ETH to a hacker in one of the most significant DeFi protocol attacks. It quickly amended its blockchain bridge and offered the attacker $10 million in exchange for the funds.

    Wormhole’s approach to the security of its bridge, rewarding white-hat hackers and cybersecurity experts who can spot loopholes in its systems, will foster a safer environment for blockchain protocols and bridges, as several bridges have fallen prey to scams this year.


    Wormhole and Immunefi


    Wormhole is a messaging system that links high-value blockchains. Its apps use the main messaging layer to allow ecosystems to communicate with one another. Developers can share arbitrary data cross-chain, including tokens, NFTs, oracle data, governance decisions, and more, thanks to the protocol’s 19 guardians. Wormhole is connected to Ethereum, Binance Smart Chain, Solana, Terra, Oasis, Polygon, and Avalanche.

    Immunefi, on the other hand, is the most prominent bug bounty program for smart contracts and DeFi projects. It’s where security researchers examine code, reveal flaws, and make encryption more secure for everyone. Immunefi allows security researchers to find and expose potential smart contract and application vulnerabilities, get rewarded for it and, in the process, protect susceptible projects from attacks.


    The Cause of The Bug


    According to a blog post published by Immunefi, the Wormhole vulnerability surfaced after the implementation for a Universal Upgradeable Proxy Standard (UUPS) proxy “was uninitialised after a previous bugfix had returned the unique initialisation, which meant an attacker could move their very own Guardian set and proceed with the upgrade as a Guardian they managed.”

    Furthermore, based on a proof of concept (PoC) released to GitHub by Immunefi, an attacker leveraging the vulnerability “could have held the entire system to ransom with the threat that the Ethereum Wormhole bridge may be bricked, and all of the assets existing in that contract misplaced indefinitely.”

    The PoC also stated that “at the time of submission, $736 million in assets were resident within the contract.”

    According to Immunefi, no user assets were lost before the vulnerability was found since Wormhole was able to respond quickly, verifying and resolving the issue the same day (February 24) that satya0x reported it.
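    The class of flaw described above, an implementation contract left uninitialised behind an upgradeable proxy, is normally closed by locking the implementation's own storage at deployment. The sketch below is an added illustration of that mitigation, not Wormhole's or Immunefi's code; the contract name, the guardian array and every function name are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names here are hypothetical.
contract BridgeImplementation {
    // State lives in whichever contract executes this code: the proxy's
    // storage when reached via delegatecall, this contract's own storage
    // when it is called directly.
    bool private initialized;
    address[] private guardians;

    error AlreadyInitialized();
    error EmptyGuardianSet();

    // The constructor runs once, at deployment, against the implementation's
    // OWN storage. Setting the flag here locks the implementation, so a
    // direct call to initialize() on it always reverts. Omitting this (or
    // reverting it in a later fix) leaves the implementation open to being
    // initialised by whoever calls it first.
    constructor() {
        initialized = true;
    }

    // Intended to be called exactly once THROUGH the proxy. The proxy's copy
    // of `initialized` is still false, because the constructor above never
    // ran in the proxy's storage context.
    function initialize(address[] calldata initialGuardians) external {
        if (initialized) revert AlreadyInitialized();
        if (initialGuardians.length == 0) revert EmptyGuardianSet();
        initialized = true;
        guardians = initialGuardians;
    }

    // Read-only helpers so a deployment script or monitor can assert the
    // state of both the proxy and the bare implementation address.
    function isInitialized() external view returns (bool) {
        return initialized;
    }

    function guardianCount() external view returns (uint256) {
        return guardians.length;
    }
}
```

    A post-deployment check should call `isInitialized()` on the implementation address directly, not only through the proxy, and fail the release if it returns false. OpenZeppelin's upgradeable contracts provide the same lock as `_disableInitializers()`.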


    The White Hat Hacker and the Reward Program




    Wormhole’s bug bounty program adds an extra layer of protection for users and demonstrates its long-term commitment to making the Wormhole protocol and the DeFi ecosystem more secure.

    The program focuses on preventing exploits that cause user funds to be locked, lost, or stolen, as well as forging of unverified data, governance manipulation, private key exposure, remote code execution, etc.

    The Wormhole bug bounty program’s rewards are based on the Immunefi Vulnerability Severity Classification System, so prizes are distributed according to the effect of the vulnerability. For example, a white-hat hacker or security specialist who detects a “low” level smart contract flaw can earn up to $2,500, while a “critical” one can earn up to $10 million – just like satya0x.

    Satya0x said in a statement posted by the crypto platform that blockchain security issues constitute an “existential threat” to the network’s future.

    “I am proud to have played a role in mitigating a serious vulnerability and a systemic threat to the ecosystem,” satya0x said.

    He further commented, in a statement according to The Block: “We risk enabling the reemergence of the very power structures we seek to destroy if we fail to recognize and aggressively reduce systemic risk; if we fail to provide the transparency and tooling needed for users to make informed decisions; if we continue to condemn simple mistakes while praising Total Value Lost as the sole measure of success.”


    Conclusion


    Wormhole believes that this bug bounty program and other similar initiatives will keep the blockchain ecosystem secure from hacks and security breaches. It is also a way to encourage white hats to reveal security vulnerabilities and become more competent at the task, since it is established that they will be rewarded.


    Author: Gate.io Observer: M. Olatunji
    * This article represents only the views of the observers and does not constitute any investment suggestions.
    *Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all other cases, legal action will be taken due to copyright infringement.