A hacker who discovered an alarming flaw in Ethereum’s network has taken $2 million as a bug bounty. Had the bug been discovered by black-hat hackers, it could have caused serious problems costing billions in ETH. Instead, a ‘grey hat’ hacker popularly known as Saurik informed the Ethereum team of the vulnerability, netting himself a sizable reward in return.
Finding the Vulnerability on Ethereum
Hacker Saurik discovered the vulnerability in Optimism, an Ethereum layer 2 rollup solution. He published his own report detailing how he found it. Looking through nano payments protocols on the rollup, he found a vulnerability that could allow an attacker to withdraw a ‘virtually unlimited’ amount of ETH from the solution.
This attack was very similar to one used on the popular smart contract blockchain Solana, which led to Wormhole’s $353 million hack. Optimism, like Wormhole, mints what is known as “Wrapped Ether”: users deposit their Ether into a smart contract, where it serves as collateral, and are issued tokens that exist only on Optimism’s network. To make payments faster, the rollup uses the nano payment protocol.
Chart: ETH recovering above $3,100. Source: ETHUSD on TradingView.com
Saurik, well known as a jailbroken-iOS developer, confirmed the vulnerability. Instead of using the flaw for personal gain, Saurik, a self-described grey-hat hacker, reported the issue to the Optimism team. In return for this disclosure, Saurik received a $2,000,000 bounty, and the report helped make the layer 2 and the wider network safer.
Popular myths debunked
After news of the vulnerability broke, rumours circulated about what an attacker could have done had it not been reported to the developers. One of the most common is that an attacker could have taken unlimited amounts from the network. Although this has some merit, it is largely false.
The vulnerability was found on the layer 2 rollup solution Optimism. Although the protocol does exist on the Ethereum network, it is not part of the actual network itself, so the vulnerability was limited to the Optimism protocol rather than Ethereum as a whole. While an attacker would have been able to exploit it to withdraw an ‘unlimited’ amount of ETH, they could only have withdrawn the balance available on the Optimism address.
It is no secret, however, that the vulnerability could have had devastating consequences for layer 2 users had it been discovered by a malicious hacker. The usefulness of bug bounty programs is evident in this case. Bounty rewards can seem too large at first, but consider what the alternative would look like if hackers were given no incentive to report their findings. White-hat hackers help save thousands, even billions, every year.
Featured image by Gagadget. Chart from TradingView.com