Whitehat Hacker Receives the Largest Bounty for Identifying Exploits in Polygon's Code

A Whitehat hacker, Gerhard Wagner, has received the largest bug bounty in history after he discovered a vulnerability in Polygon’s plasma bridge.

According to Immunefi, a bug bounty platform for smart contracts and DeFi projects, the identified bug would have cost the protocol as much as $850 million in losses if discovered by a knowledgeable hacker.

Immunefi said the vulnerability in the plasma bridge code was first reported on October 5, and the Immunefi triaging team verified the claims. The vulnerability allowed an attacker to exit their burn transaction from the bridge multiple times, up to 223 times. There was around $850M at risk. An attacker with just $100k to launch the attack could have caused $22.3M in losses. This means the DepositManager for the Plasma Bridge could be depleted by an attacker starting with a sufficient amount.

The risk was then escalated to Polygon, which also confirmed it and promptly fixed the vulnerability. In line with its policy of rewarding such reports on faulty code, Polygon agreed to pay its highest listed amount for bug bounties of this kind, and Wagner was paid $2 million.

The security of decentralized finance (DeFi) protocols became a subject of debate amongst experts following a series of hacks reported in the past months. Back in August, Blockchain.news reported the Poly Network hack, which was credited with being the largest blockchain exploit, with over $610 million stolen. While that hack ended in the interoperable protocol’s favour, as the Whitehat hacker returned all stolen funds, other projects have not been as lucky.

While hacks of blockchain-related protocols have surged in the past months, mainstream tech firms are also experiencing their fair share of exploits. Tech giant T-Mobile was also hacked for at least 6 BTC back in August, lending weight to the position that more Whitehat hackers are needed across every inch of the tech ecosystem.

Transit Finance Convinces Hacker to Return $2m to Protocol

Earlier this month, Transit Finance, a Decentralized Finance (DeFi) protocol, disclosed that it was hacked for $21 million, making it one of the latest protocols to suffer an exploit this year.

In an unusual turn of events, the protocol has announced that, following its conversation with the biggest hacker, there is an agreement to return a significant portion of the funds.

With Transit Finance ready to treat the hacking event as a whitehat incident, the protocol said its main hacker would return 6,500 BNB in the first tranche and another 3,500 BNB once the protocol has come through with the promised reward.

“After friendly communication with white hat #1 (the biggest hacker), we have both reached a consensus. White hat #1 stated that he would refund the users’ 6,500BNB as soon as possible today and promised to refund another 3,500BNB when TransitFinance Official initiates the second phase of refunds. Ultimately white hat #1 will keep 2,500 BNB as a bounty for this event,” the protocol said in a Monday announcement. “TransitFinance Official expresses its gratitude to white hat #1 for the refund and promises that if white hat #1 returns the remaining 3500BNB as agreed, TransitFinance Official will no longer hold him any legal responsibility.”

The DeFi protocol said it has filed for legal proceedings, and while it will make good on its promise not to launch a lawsuit against Whitehat #1, the protocol said it would not hesitate if other hackers do not return the funds stolen.

Relying on whitehat-style refunds is not uncommon; the practice was popularized when the hacker who stole over $610 million from the interoperability network Poly Network returned all of the stolen funds last year.

After the Poly Network whitehat refunded the stolen funds, many protocols started appealing to hackers, and a few, like Transit Finance, have recorded success with this approach.

ImmuneFi Launches Whitehat Leaderboard to Incentivize Web3 Hackers

ImmuneFi, one of the most notable Web3 bug bounty protocols, has announced the launch of a new Leaderboard feature for ethical hackers in Web3.

As announced by the outfit, the Leaderboard will list 20 of the most versatile Whitehat hackers in the Web3 ecosystem and rank them in order of the critical bugs they report through the ImmuneFi platform.

“We’re proud to release the Immunefi Whitehat Leaderboard showing the top 20 whitehats in web3!” ImmuneFi said in an announcement shared via its Twitter page.

Bug bounties have become commonplace in the web3 ecosystem as protocols incentivize experienced hackers to scour their code for vulnerabilities. As the industry evolved, ImmuneFi emerged, helping to organize Whitehat events in a way that was easy for both the protocols and the participants.

Whitehats are typically rewarded for their participation, and with this new feature, ImmuneFi said it will be giving the top hackers additional benefits.

“Whitehats who earn their spot through genius and hard work are eligible for further rewards, exclusive merch, paid trips, speaking opportunities, and more,” ImmuneFi affirmed.

ImmuneFi said the ranking for whitehats who submit bug reports through its platform will be based on three crucial factors: the number of paid reports, the severity of paid reports, and total earnings.

While the new leaderboard feature may not be an extra motivation for Whitehats to intensify their activities in the space, it certainly creates room for respect amongst the most elite of those solving the industry's hacking problems.

The appreciation of Whitehats cannot be overemphasized, a point recently underscored by the ApeCoin DAO. The ApeCoin DAO recently passed a vote that will see 1 million APE tokens set aside as a bug bounty on ImmuneFi to incentivize whitehats to pore over its forthcoming staking protocol and check for any weakness that might cause a drain of funds in the near future.
