A decentralized bridging platform, Wormhole rewarded a white hacker with $10 million for rectifying a bug in its core bridge contract on Ethereum on February 24.
As per the announcement, the bug bounty was given to the person with the pseudonym satya0x, which partnered with Wormhole in hosting its bug bounty platform.
Wormhole introduced a bug bounty program in February just after its platform was compromised in the cyber attack, which led to the loss of 120,000 wETH. Its valuation at that time was around $323 million.
However, the bug bounty will be given out according to the bug’s category and how hazardous it is for the system. Like if the bug is at a low level, then the identifier can get up to $2,500. While a “critical” bug will be subject to a bounty worth of $10million.
“Wormhole is sending a clear message with this payout to the best, most talented whitehats on the planet that if they responsibly disclose security vulnerabilities to Wormhole, they’ll be well taken care of,” Immunefi said.
In the announcement, Immunefi stated that all the users’ funds are secure after the bug was identified. After the bug identification, Wormhole quickly took preventive measures and fixed the issues on the same day.
Satya0x stated that blockchain security is subject to an “existential threat” for its future. “I am proud to have played a role in mitigating a serious vulnerability and a systemic threat to the ecosystem,” he said.
The bug was associated with Wormhole’s ability to upgrade smart contacts. If the bug was exploited by the hacker then he could control the entire smart contract or more likely to say entire protocol.
Satya0x also said: “If we fail to recognize and aggressively reduce systemic risk; if we fail to provide the transparency and tooling needed for users to make informed decisions; if we continue to condemn simple mistakes while praising Total Value Lost as the sole measure of success — we risk enabling the reemergence of the very power structures we seek to destroy.”