A “white hat” hacker received $10M from Wormhole
![](data:image/svg+xml;utf-8,<svg xmlns="http://www.w3.org/2000/svg" width="730" height="472" />)
He pointed at a security hole and prevented Wormhole from becoming the black hole for its investors’ money
The team behind the Wormhole project has given a “white hat” hacker a reward of $10 million for discovering a critical vulnerability in the network. The man who found the bug and got paid is known by his nickname satya0x.
Immunefi project, which launched the search for the bug and set the reward, described the potential breach like this:
“An upgradeable proxy implementation self-destruct bug that helped prevent a potential lockup of user funds.”
The thing is, this bug was found in the core bridge contract on Ethereum, which means it is really low-level. If it weren't for the “white hat” hacker, the outcome could be catastrophic not only for the users, but for the network as well.
Here’s what a potential attack would look like if someone were to abuse this vulnerability: he could use the contract upgrade function to upload malicious code to the network and render the proxy contract useless.
The Wormhole team fixed the bug almost immediately. As a matter of fact, the breach was secured the same day it got reported by satya0x, which is February 24.
Immunefi also included a comment from satya0x himself. Here’s what he had to say:
"I am proud to have played a role in mitigating a serious vulnerability and a systemic threat to the ecosystem. The decision to award this bounty, and the existence of such a bounty in the first place, speaks volumes to the team’s commitment to users, the security of user funds, and the stability of the networks on which they operate.”
Source: Immunefi
4 comments