A hacker has bagged $2 million in bug bounty after discovering an alarming vulnerability with the Ethereum network. This bug could have been really bad if it had been found by black hat hackers, who could have exploited the digital asset for billions of dollars worth of ETH. Instead, a ‘grey hat’ hacker popularly known as Saurik notified the Ethereum team of the vulnerability, netting himself a large reward in return.
Finding The Vulnerability On Ethereum
Hacker Saurik discovered the vulnerability on Optimism, an Ethereum layer 2 rollup solution. The hacker himself published a report on how he found the vulnerability in the solution. Looking through the nano payments protocols on the rollup, he discovered a vulnerability that could allow an attacker to withdraw, unchecked, a ‘virtually unlimited’ amount of ETH from the solution.
It resembled the attack method used on the popular smart contracts blockchain Solana that led to the $353 million hack on Wormhole. Optimism, like Wormhole, mints what are known as “Wrapped Ether.” Users deposit their Ether in the smart contract, where it essentially acts as collateral, and they are given these tokens, which exist only on Optimism’s network. They then use the nano payments protocol to make transactions quicker.
Saurik, who is famously known for developing the Jailbroken iOS, had confirmed the vulnerability. However, instead of exploiting the vulnerability for his own personal gain, the self-styled grey hat hacker reported it to the Optimism devs. In return, Saurik was rewarded with a $2 million bounty for his selflessness, which has helped to make the network and layer 2 rollup safer for users.
Debunking Popular Rumors
After news of the vulnerability and the subsequent bounty payout broke, rumors have been circulating about what an attacker could have done with it if they had chosen not to report it to the devs. The most popular of these is that the attacker would have been able to withdraw an unlimited amount of ETH from the network. While this has some merit to it, it is largely false.
Firstly, the vulnerability exists on a layer 2 rollup solution, Optimism. While the protocol exists on the Ethereum network, it is not the network itself. This means that the vulnerability was localized to the protocol alone. So while an attacker would have been able to exploit this to withdraw an ‘unlimited’ amount of ETH, they could only withdraw the available balance on the Optimism address.
Nevertheless, it is still clear that the results would have been devastating for users of the layer 2 protocol if a black hat hacker had discovered the vulnerability. This event speaks volumes about the effectiveness of bug bounties. While the rewards for these bounties may seem too large at first, one has to think about what the alternative would be if there were no incentive for hackers to come forward with their findings. White hat hackers no doubt help to save millions, if not billions, of dollars every year.