Sentiment Recovers Stolen Funds with Bounty

Lending protocol A recent hacking incident using Sentiment resulted in the perpetrator stealing close to one million dollars. However, because to a reward of $95,000 that was offered to the hacker, the protocol was successful in recovering the stolen cash. Through the use of the Arbitrum blockchain, Sentiment spoke with the hacker, imploring them to “do the right thing” and restore the cash by April 6 at the latest. In addition, the policy guaranteed the same payment to anybody who was able to assist in determining who was responsible for the crime and bringing them to justice.

After monitoring the situation, the creator of MetaMask, Taylor Monahan, made the announcement that the hacker had returned 414 ether, which is equivalent to around $771,000 at the current exchange rate. After some time had passed, the hacker sent a further 51.75 ETH to the recovery address provided by Sentiment. The protocol said unequivocally that it had been successful in acquiring the monies and that the problem had been fixed.

On April 4, a hack was carried out, and it is thought that it was carried out as a consequence of a re-entry assault or a flaw. As was stated by a few members of the community, this episode underscores how critically important it is for businesses to take bug bounties seriously. Even one of the members gave the hacker kudos for “taking it by force” with their efforts. On the other hand, a different user of Twitter voiced their disapproval of the event, labeling it as “a bug bounty with a criminal step,” and asking businesses to provide greater and more open bug bounties.

Comparisons have been made between this attack and the recent one that occurred at Euler Finance, in which the Ethereum protocol awarded a reward to a hacker who returned almost 90% of the assets that had been taken. The hacker returned over 176.4 million dollars in digital assets while keeping roughly $20 million for themselves. Because of this occurrence, the significance of bug bounties as a method for resolving vulnerabilities in protocols for decentralized financial transactions has been further highlighted.

It is very necessary for businesses to take bug bounties seriously and provide awards that encourage ethical conduct in their employees. The usefulness of this strategy was recently shown by the fact that Sentiment was successful in regaining its data. Moving ahead, it is probable that other organizations will adopt similar tactics to manage possible security breaches in their systems. This will increase the likelihood that these breaches will occur.


Tagged : / / / / /

Hacker moves stolen funds after bounty launch

A hacker responsible for a $196 million attack on Euler Finance has moved some of the stolen funds into the crypto mixer Tornado Cash, just hours after a $1 million bounty was launched to identify the perpetrator. The attack, carried out through a flash loan on the Ethereum noncustodial lending protocol, resulted in the theft of a range of cryptocurrencies including Dai, USD Coin, staked ETH and wrapped Bitcoin. Blockchain analytics firm PeckShield reported on Twitter that the hacker had transferred 1,000 ETH, equivalent to around $1.65 million, via the sanctioned mixer. Euler Labs had previously sent a message to the attacker’s address warning of the bounty and offering amnesty if 90% of the funds were returned within 24 hours. However, the hacker’s movement of funds suggests that they are not swayed by this offer.

Victims of the attack have been appealing for the return of their funds, with one message on the blockchain claiming that a group of 26 families from jobless rural areas had lost a total of $1 million in the attack. Another message was sent by an apparent victim who congratulated the hacker on their “big win”, but begged for help as they had invested funds they “desperately needed” for a house. “My wife is going to kill me if we can’t afford our house. Is there anyway you can help me? I have no idea what to tell my wife,” they wrote.

The hacker’s use of a crypto mixer is a common tactic for obscuring the source of funds, and is likely to make it harder for authorities to identify them. However, the blockchain trail may still provide some clues, and the bounty may encourage individuals to come forward with information. The incident highlights the risks associated with DeFi and the importance of robust security measures.


Tagged : / / / / /

Transit Finance Convinces Hacker to Return $2m to Protocol

Earlier this month, Transit Finance, a Decentralized Finance (DeFi) protocol, unveiled it was hacked for $21 million, marking the sheet as one of the latest protocols to suffer exploitation this year.


In an unusual turn of events, the protocol has come out to announce that from its conversation with the biggest hacker, there is an agreement to return a significant portion of the funds.

With Transit Finance ready to take the hacking event as a White Hat, the protocol said its main hacker would return 6,500 BNB in the first tranche and return another 3,500 BNB when the protocol has come through with the payment reward promised.

“After friendly communication with white hat #1 (the biggest hacker), we have both reached a consensus. White hat #1 stated that he would refund the users’ 6,500BNB as soon as possible today and promised to refund another 3,500BNB when TransitFinance Official initiates the second phase of refunds. Ultimately white hat #1 will keep 2,500 BNB as a bounty for this event,” the protocol said in a Monday announcement. “TransitFinance Official expresses its gratitude to white hat #1 for the refund and promises that if white hat #1 returns the remaining 3500BNB as agreed, TransitFinance Official will no longer hold him any legal responsibility.”

The DeFi protocol said it has filed for legal proceedings, and while it will make good on its promise not to launch a lawsuit against Whitehat #1, the protocol said it would not hesitate if other hackers do not return the funds stolen.

Relying on whitehat-hinged refunds is not something that is uncommon and was made popular when the hacker who stole over $610 million from the interoperability network Poly Network returned the complete funds stolen last year.

When Poly Whitehat refunded the cash stolen, many protocols started appealing to the hackers, and a few, like Transit Finance, has recorded success in their moves.

Image source: Shutterstock


Tagged : / / / /

Optimism Fixes “Critical Bug” Discovered By Outside Developer

Key Takeaways

  • Optimism, a popular Ethereum Layer 2 scaling solution, has patched a major vulnerability in its network.
  • The team was alerted of the vulnerability last week by a developer named Jay Freeman, also known as “saurik.”
  • He was awarded the maximum possible bounty award of more than $2 million.

Share this article

Optimism has fixed a “critical bug” in its Geth (Ethereum’s most popular implementation) fork. The bug was discovered by Jay Freeman, the developer behind both Cydia and Orchid Protocol, who informed Optimism about it on Feb. 2 and was subsequently awarded its highest bounty. 

Optimism Bug Fixed

Large losses may have been avoided by a simple bug discovery. 

Optimism, the fourth-largest Layer 2 Ethereum scaling solution by total value locked, announced today that it had patched a critical bug in its Geth fork that had been discovered by developer Jay Freeman. Freeman was awarded the maximum bounty award of more than $2 million for alerting Optimism of the vulnerability.

If exploited, the bug would have allowed for ETH to be repeatedly created on Optimism through “triggering the SELFDESTRUCT opcode on a contract that held an ETH balance.” The SELFDESTRUCT function allows for the destruction of certain Ethereum smart contracts. 

The bug was never exploited, though it might have been triggered by an Etherscan employee by accident. No “usable ETH” was created upon this accidental triggering, though. 

A fix for the vulnerability was tested on Kovan, Optimism’s test net, and then deployed on the network’s mainnet—as well as on its infrastructure providers and forks—within hours after confirmation. The network remained operational throughout. 

To patch the issue, Optimism developers shared a private patch with “key parties” immediately. After the patch was revealed as successful, it was “publicly released…hidden in an inconspicuous commit.” The team had to go about the patch fix and release with care due to the growing number of parties in the protocol’s ecosystem: various bridges, providers, and mainnet forks. This complexity contributes positively to decentralization but makes releases, especially security releases, more difficult, said the team. 

The bounty Optimism pays for whitehat hackers is based on the threat level posed by the bug—in this case, Freeman received the maximum possible award. 

Vitalik Buterin has discussed the importance of Layer 2’s for Ethereum’s future in order to combat the networks’ high transaction fees that, he said, made the network “not ready for direct mass adoption” on Layer 1. Last November, he introduced EIP 4488, an Ethereum improvement proposal focused on reducing gas fees even on Ethereum Layer 2 scaling solutions. 

Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies. 

Share this article


Tagged : / / / /

Lightning Speed 004: What’s The Lightning Development Initiative?

There’s no denying that 2021 was the Lightning Network’s year. What does the future hold, though? If the objective is to onboard the next billion people, the network needs work and fine-tuning. To grab the bull by the horns, The Human Rights Foundation and Strike set up three 1 BTC bounties

The bounties will go to the first person or team to develop an anonymous Lightning tip jar, a tokenless way to peg BTC to dollars, or a privacy-focused wallet that supports some kind of Chaumian e-cash feature. In a Twitter Spaces conversation about the program, they named it The Lightning Development Initiative. 

A catchy name that we’ll use from now on to refer to all of this. This fourth edition of Lightning Speed is all about the future. Let’s explore the three ideas and the new information that we have about each of them.

5 BTC + 300 Free Spins for new players & 15 BTC + 35.000 Free Spins every month, only at mBitcasino. Play Now!

The Lightning Development Initiative In Twitter Spaces

Among the speakers were Strike’s Jack Mallers, The Human Rights Foundation’s Alex Gladstein, Bitcoin Magazine’s Christian Keroles AKA CK Snarks, and Tales From The Crypt’s Matt Odell. It took place December 29th and Bitcoin Magazine hosted it. A Twitter user named Gigi summarized it for us.

Bounty #1: An Anonymous Tip Jar

In our sister site Bitcoinist’s report, they described the challenge as follows:

Get 110 USDT Futures Bonus for FREE!

“Can you create a Lightning tip jar that doesn’t reveal any information about the parties involved? That’s the first task. How to receive completely anonymous donations. According to Bitcoin Mag, the “goal is to enable anyone to use free and open-source software (FOSS) to print a QR code that can be used for receiving Lightning payments privately. Importantly, “The QR code should not reveal the public key or IP address of the user.” 

In the Lightning Development Initiative’s report, we learned that this has to do with the two competing protocols, Bolt12 and lnurl. Jack Mallers “pointed out the absolute need for interoperability on LN and that even though lnurl might not be “optimal” right now, the market will eventually decide what open standard they prefer to use. He thinks that currently UX is a major focus for the LN community and we should make peace with the fact that there will be competition between solutions.”

Mallers put forth another interesting idea, “contrary to the Bitcoin main chain, we can somewhat afford to f**k up on the Lightning Network. As long as the Bitcoin monetary policy is not threatened then we can freely fiddle on top of the protocol via Lightning.”

BTCUSD price chart for 01/14/2021 - TradingView

BTC price chart for 01/14/2022 on Bitfinex | Source: BTC/USD on

Bounty #2: Stablecoin On Lightning Without A Token

Bitcoinist described this one as:

“The second challenge seems to be even more difficult, at least on a conceptual level. The HRF and Strike want a wallet that enables “anyone to “peg” an amount of bitcoin to U.S. dollars without needing an exchange or another token.” That’s right, without a centralized entity. And relying only on sats and bitcoin.”

Gigi summarizes why the world needs this:

“The goal is to allow people to access dollars without a single point of failure. Further down the line, as Bitcoin becomes less volatile, these people can use btc, but until then there’s massive demand for holding value in dollars. The tether market cap is proof of this.”

Bounty #3: A Chaumian E-Cash Feature

First of all, Investopedia defines Chaumian e-cash as:

“eCash was a digital-based system that facilitated the transfer of funds anonymously. A pioneer in cryptocurrency, its goal was to secure the privacy of individuals that use the Internet for micropayments. eCash was created by Dr. David Chaum under his company, DigiCash, in 1990.“

So, once again, anonymity is the priority. As Alex Gladstein put it when announcing the bounties, they’re “for the first open-source, non-custodial, non-KYC Lightning wallets to ship features requested by dissidents worldwide.” Also, take into consideration the words of security expert Brian Trollz’s words, “Bitcoin without privacy is nothing but a surveillance system.”

What does Gigi have for us on this topic? “We need a sort of Chaumian e-cash, extremely easy to use for the Plebs and accessible. Maybe the solution is a federated  one, making it harder to regulate.” He then quotes Jack Mallers again, “There’s going to be a singular standard for the internet of money (Bitcoin). Many will compete on top of BTC so we need “interoperability to the standard.”

Conclusion: The Future Is Bright

Developers, teams, companies, anyone can earn the Lighting Development Initiative’s bounties. The non-profit OpenSats will serve as the judge. They are all open for the whole year. If by the end of 2022 no one has claimed them, the money will go to the Human Rights Foundation’s Bitcoin Development Fund on January 1st. Which is fair. Especially considering they gave 425 million Sats to these worthy organizations and individuals.

For more information and details read Bitcoinist’s original report.

Featured Image by Micah Tindell on Unsplash  | Charts by TradingView


Tagged : / / / / / / / / / / / / / / / / / / / / / / / /

Binance Announces $10M BSC Bug Bounty Program

Key Takeaways

  • Binance Smart Chain has announced a $10 million bug bounty program to improve on-chain security.
  • The program will incentivize ethical hackers to report vulnerabilities before they are exploited.
  • The move follows a series of hacks and exploits that have taken place on Binance Smart Chain this year.

Share this article

Binance Smart Chain has announced a $10 million bug bounty program, aiming to increase the security of decentralized applications in the blockchain’s ecosystem. 

Binance Smart Chain Focuses on Security

Binance is taking steps to address security concerns in Binance Smart Chain (BSC) applications.

On Monday, the exchange announced a $10 million joint bounty program for the BSC ecosystem in an official blog post. The new program, called “Priority ONE,” aims to shore up security by incentivizing ethical hackers to disclose attack vectors discovered in BSC applications. 

The post details how the program will create a safer on-chain environment for users, stating:

“This joint bounty program aims to continuously improve software security and lifecycle management, provide risk controls, and attract more proactive penetration testing to identify issues early.”

As a joint program, Binance will initially provide $3 million to reward successful bug finders. The exchange is aiming to raise the remaining $7 million via a new BSC Evolution Proposal. If the proposal passes, existing validators will need to dedicate a small percentage of their daily block rewards to the bounty pool. 

In 2021, several applications running on BSC have fallen foul of major exploits costing users millions. In March, yield farming project Meerkat Finance lost $31 million of assets in a suspected rug pull. Vulnerabilities in smart contract code have also led to flash loan attacks, wiping out an estimated $200 million in the case of yield aggregator Bunny Finance. 

With so many vulnerabilities discovered in recent months, confidence in BSC has dropped. Government regulators in the U.K. and Italy have publicly warned consumers about the risks of investing in cryptocurrencies, specifically in reference to Binance.  

SIMETRI Research
Blockone Settlement

By launching its bug bounty program, Binance is seeking to avoid future exploits and restore its reputation. Additionally, increasing on-chain security will help as the exchange grapples with mounting regulatory pressure. 

Despite the controversies, the blockchain’s native BNB token has seen a significant rise in recent months. It’s up over 700% this year. 

Disclaimer: At the time of writing this feature, the author owned BTC and ETH. 

Share this article


Tagged : / / / / / /
Bitcoin (BTC) $ 26,568.12 0.04%
Ethereum (ETH) $ 1,592.23 0.05%
Litecoin (LTC) $ 64.66 0.15%
Bitcoin Cash (BCH) $ 208.71 0.87%