Sentiment Recovers Stolen Funds with Bounty

A recent hacking incident involving the lending protocol Sentiment resulted in the attacker stealing close to one million dollars. However, thanks to a $95,000 bounty offered to the hacker, the protocol succeeded in recovering the stolen funds. Using an on-chain message on the Arbitrum blockchain, Sentiment addressed the hacker, imploring them to “do the right thing” and return the funds by April 6 at the latest. The same payment was also offered to anyone who could help identify the person responsible and bring them to justice.

After monitoring the situation, the creator of MetaMask, Taylor Monahan, announced that the hacker had returned 414 ether, worth around $771,000 at the current exchange rate. Some time later, the hacker sent a further 51.75 ETH to the recovery address provided by Sentiment. The protocol stated unequivocally that it had recovered the funds and that the issue had been resolved.

The hack was carried out on April 4 and is thought to have resulted from a re-entrancy attack or a flaw in the protocol. As several community members noted, the episode underscores how important it is for businesses to take bug bounties seriously. One member even gave the hacker kudos for “taking it by force.” Another Twitter user, on the other hand, criticized the event, labeling it “a bug bounty with a criminal step,” and called on businesses to offer larger and more transparent bug bounties.

Comparisons have been drawn between this attack and the recent one at Euler Finance, in which the Ethereum protocol paid a reward to a hacker who returned almost 90% of the stolen assets. That hacker returned over $176.4 million in digital assets while keeping roughly $20 million. The incident further highlighted the significance of bug bounties as a method for resolving vulnerabilities in decentralized finance protocols.

It is essential for businesses to take bug bounties seriously and offer rewards that encourage ethical behavior. The usefulness of this strategy was recently demonstrated by Sentiment’s success in recovering its funds. Going forward, other organizations are likely to adopt similar tactics to manage potential security breaches in their systems, improving their chances of recovering funds when such breaches occur.

Hacker moves stolen funds after bounty launch

A hacker responsible for a $196 million attack on Euler Finance has moved some of the stolen funds into the crypto mixer Tornado Cash, just hours after a $1 million bounty was launched to identify the perpetrator. The attack, carried out through a flash loan on the Ethereum noncustodial lending protocol, resulted in the theft of a range of cryptocurrencies including Dai, USD Coin, staked ETH and wrapped Bitcoin. Blockchain analytics firm PeckShield reported on Twitter that the hacker had transferred 1,000 ETH, equivalent to around $1.65 million, via the sanctioned mixer. Euler Labs had previously sent a message to the attacker’s address warning of the bounty and offering amnesty if 90% of the funds were returned within 24 hours. However, the hacker’s movement of funds suggests that they are not swayed by this offer.

Victims of the attack have been appealing for the return of their funds, with one message on the blockchain claiming that a group of 26 families from jobless rural areas had lost a total of $1 million in the attack. Another message was sent by an apparent victim who congratulated the hacker on their “big win”, but begged for help as they had invested funds they “desperately needed” for a house. “My wife is going to kill me if we can’t afford our house. Is there any way you can help me? I have no idea what to tell my wife,” they wrote.

The hacker’s use of a crypto mixer is a common tactic for obscuring the source of funds, and is likely to make it harder for authorities to identify them. However, the blockchain trail may still provide some clues, and the bounty may encourage individuals to come forward with information. The incident highlights the risks associated with DeFi and the importance of robust security measures.

Transit Finance Convinces Hacker to Return $2m to Protocol

Earlier this month, Transit Finance, a Decentralized Finance (DeFi) protocol, revealed it had been hacked for $21 million, making it one of the latest protocols to suffer exploitation this year.

In an unusual turn of events, the protocol has come out to announce that from its conversation with the biggest hacker, there is an agreement to return a significant portion of the funds.

With Transit Finance ready to take the hacking event as a White Hat, the protocol said its main hacker would return 6,500 BNB in the first tranche and return another 3,500 BNB when the protocol has come through with the payment reward promised.

“After friendly communication with white hat #1 (the biggest hacker), we have both reached a consensus. White hat #1 stated that he would refund the users’ 6,500 BNB as soon as possible today and promised to refund another 3,500 BNB when TransitFinance Official initiates the second phase of refunds. Ultimately white hat #1 will keep 2,500 BNB as a bounty for this event,” the protocol said in a Monday announcement. “TransitFinance Official expresses its gratitude to white hat #1 for the refund and promises that if white hat #1 returns the remaining 3,500 BNB as agreed, TransitFinance Official will no longer hold him any legal responsibility.”

The DeFi protocol said it has filed for legal proceedings, and while it will make good on its promise not to launch a lawsuit against white hat #1, it said it would not hesitate to do so if the other hackers do not return the stolen funds.

Relying on white hat refunds is not uncommon; the approach gained popularity when the hacker who stole over $610 million from the interoperability network Poly Network returned the complete funds last year.

When the Poly Network white hat refunded the stolen funds, many protocols started appealing to their hackers, and a few, like Transit Finance, have recorded success in their moves.

Optimism Fixes “Critical Bug” Discovered By Outside Developer

Key Takeaways

  • Optimism, a popular Ethereum Layer 2 scaling solution, has patched a major vulnerability in its network.
  • The team was alerted of the vulnerability last week by a developer named Jay Freeman, also known as “saurik.”
  • He was awarded the maximum possible bounty award of more than $2 million.
Optimism has fixed a “critical bug” in its Geth (Ethereum’s most popular implementation) fork. The bug was discovered by Jay Freeman, the developer behind both Cydia and Orchid Protocol, who informed Optimism about it on Feb. 2 and was subsequently awarded its highest bounty. 

Optimism Bug Fixed

Large losses may have been avoided by a simple bug discovery. 

Optimism, the fourth-largest Layer 2 Ethereum scaling solution by total value locked, announced today that it had patched a critical bug in its Geth fork that had been discovered by developer Jay Freeman. Freeman was awarded the maximum bounty award of more than $2 million for alerting Optimism of the vulnerability.

If exploited, the bug would have allowed for ETH to be repeatedly created on Optimism through “triggering the SELFDESTRUCT opcode on a contract that held an ETH balance.” The SELFDESTRUCT function allows for the destruction of certain Ethereum smart contracts. 

The bug was never exploited, though it might have been triggered by an Etherscan employee by accident. No “usable ETH” was created upon this accidental triggering, though. 

A fix for the vulnerability was tested on Kovan, Optimism’s testnet, and then deployed on the network’s mainnet, as well as on its infrastructure providers and forks, within hours of confirmation. The network remained operational throughout.

To patch the issue, Optimism developers immediately shared a private patch with “key parties.” After the patch proved successful, it was “publicly released…hidden in an inconspicuous commit.” The team had to handle the fix and its release with care because of the growing number of parties in the protocol’s ecosystem: various bridges, providers, and mainnet forks. This complexity contributes positively to decentralization but makes releases, especially security releases, more difficult, the team said.

The bounty Optimism pays to whitehat hackers is based on the threat level posed by the bug; in this case, Freeman received the maximum possible award.

Vitalik Buterin has discussed the importance of Layer 2s for Ethereum’s future as a way to combat the network’s high transaction fees, which, he said, leave the network “not ready for direct mass adoption” on Layer 1. Last November, he introduced EIP 4488, an Ethereum improvement proposal focused on reducing gas fees for Ethereum Layer 2 scaling solutions.

Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies. 

Lightning Speed 004: What’s The Lightning Development Initiative?

There’s no denying that 2021 was the Lightning Network’s year. What does the future hold, though? If the objective is to onboard the next billion people, the network needs work and fine-tuning. To grab the bull by the horns, the Human Rights Foundation and Strike set up three 1 BTC bounties.

The bounties will go to the first person or team to develop an anonymous Lightning tip jar, a tokenless way to peg BTC to dollars, or a privacy-focused wallet that supports some kind of Chaumian e-cash feature. In a Twitter Spaces conversation about the program, they named it The Lightning Development Initiative. 

A catchy name that we’ll use from now on to refer to all of this. This fourth edition of Lightning Speed is all about the future. Let’s explore the three ideas and the new information that we have about each of them.

The Lightning Development Initiative In Twitter Spaces

Among the speakers were Strike’s Jack Mallers, The Human Rights Foundation’s Alex Gladstein, Bitcoin Magazine’s Christian Keroles AKA CK Snarks, and Tales From The Crypt’s Matt Odell. It took place December 29th and Bitcoin Magazine hosted it. A Twitter user named Gigi summarized it for us.

Bounty #1: An Anonymous Tip Jar

In our sister site Bitcoinist’s report, they described the challenge as follows:

“Can you create a Lightning tip jar that doesn’t reveal any information about the parties involved? That’s the first task. How to receive completely anonymous donations. According to Bitcoin Mag, the ‘goal is to enable anyone to use free and open-source software (FOSS) to print a QR code that can be used for receiving Lightning payments privately.’ Importantly, ‘The QR code should not reveal the public key or IP address of the user.’”

In the Lightning Development Initiative’s report, we learned that this has to do with the two competing protocols, Bolt12 and lnurl. Jack Mallers “pointed out the absolute need for interoperability on LN and that even though lnurl might not be “optimal” right now, the market will eventually decide what open standard they prefer to use. He thinks that currently UX is a major focus for the LN community and we should make peace with the fact that there will be competition between solutions.”

Mallers put forth another interesting idea, “contrary to the Bitcoin main chain, we can somewhat afford to f**k up on the Lightning Network. As long as the Bitcoin monetary policy is not threatened then we can freely fiddle on top of the protocol via Lightning.”

[Chart: BTC price chart for 01/14/2022 on Bitfinex | Source: BTC/USD on TradingView.com]

Bounty #2: Stablecoin On Lightning Without A Token

Bitcoinist described this one as:

“The second challenge seems to be even more difficult, at least on a conceptual level. The HRF and Strike want a wallet that enables “anyone to “peg” an amount of bitcoin to U.S. dollars without needing an exchange or another token.” That’s right, without a centralized entity. And relying only on sats and bitcoin.”

Gigi summarizes why the world needs this:

“The goal is to allow people to access dollars without a single point of failure. Further down the line, as Bitcoin becomes less volatile, these people can use btc, but until then there’s massive demand for holding value in dollars. The tether market cap is proof of this.”

Bounty #3: A Chaumian E-Cash Feature

First of all, Investopedia defines Chaumian e-cash as:

“eCash was a digital-based system that facilitated the transfer of funds anonymously. A pioneer in cryptocurrency, its goal was to secure the privacy of individuals that use the Internet for micropayments. eCash was created by Dr. David Chaum under his company, DigiCash, in 1990.“

So, once again, anonymity is the priority. As Alex Gladstein put it when announcing the bounties, they’re “for the first open-source, non-custodial, non-KYC Lightning wallets to ship features requested by dissidents worldwide.” Also consider the words of security expert Brian Trollz: “Bitcoin without privacy is nothing but a surveillance system.”

What does Gigi have for us on this topic? “We need a sort of Chaumian e-cash, extremely easy to use for the Plebs and accessible. Maybe the solution is a federated one, making it harder to regulate.” He then quotes Jack Mallers again: “There’s going to be a singular standard for the internet of money (Bitcoin). Many will compete on top of BTC so we need ‘interoperability to the standard.’”

Conclusion: The Future Is Bright

Developers, teams, companies, anyone can earn the Lightning Development Initiative’s bounties. The non-profit OpenSats will serve as the judge. They are all open for the whole year. If by the end of 2022 no one has claimed them, the money will go to the Human Rights Foundation’s Bitcoin Development Fund on January 1st. Which is fair. Especially considering they gave 425 million Sats to these worthy organizations and individuals.

For more information and details read Bitcoinist’s original report.

Binance Announces $10M BSC Bug Bounty Program

Key Takeaways

  • Binance Smart Chain has announced a $10 million bug bounty program to improve on-chain security.
  • The program will incentivize ethical hackers to report vulnerabilities before they are exploited.
  • The move follows a series of hacks and exploits that have taken place on Binance Smart Chain this year.
Binance Smart Chain has announced a $10 million bug bounty program, aiming to increase the security of decentralized applications in the blockchain’s ecosystem. 

Binance Smart Chain Focuses on Security

Binance is taking steps to address security concerns in Binance Smart Chain (BSC) applications.

On Monday, the exchange announced a $10 million joint bounty program for the BSC ecosystem in an official blog post. The new program, called “Priority ONE,” aims to shore up security by incentivizing ethical hackers to disclose attack vectors discovered in BSC applications. 

The post details how the program will create a safer on-chain environment for users, stating:

“This joint bounty program aims to continuously improve software security and lifecycle management, provide risk controls, and attract more proactive penetration testing to identify issues early.”

As a joint program, Binance will initially provide $3 million to reward successful bug finders. The exchange is aiming to raise the remaining $7 million via a new BSC Evolution Proposal. If the proposal passes, existing validators will need to dedicate a small percentage of their daily block rewards to the bounty pool. 
In 2021, several applications running on BSC have fallen foul of major exploits costing users millions. In March, yield farming project Meerkat Finance lost $31 million of assets in a suspected rug pull. Vulnerabilities in smart contract code have also led to flash loan attacks, wiping out an estimated $200 million in the case of yield aggregator Bunny Finance. 
With so many vulnerabilities discovered in recent months, confidence in BSC has dropped. Government regulators in the U.K. and Italy have publicly warned consumers about the risks of investing in cryptocurrencies, specifically in reference to Binance.  
By launching its bug bounty program, Binance is seeking to avoid future exploits and restore its reputation. Additionally, increasing on-chain security will help as the exchange grapples with mounting regulatory pressure. 

Despite the controversies, the blockchain’s native BNB token has seen a significant rise in recent months. It’s up over 700% this year. 

Disclaimer: At the time of writing this feature, the author owned BTC and ETH. 