Aurora pays $2 million bounty to two hackers who discovered critical vulnerabilities
According to Chain Catcher and as reported by The Block, Aurora, the EVM scaling network in the NEAR ecosystem, has paid a bounty of $2 million to two hackers who discovered critical vulnerabilities.
The first vulnerability stems from Aurora's use of a token standard different from ERC-20, called NEP-141. Attackers could create a worthless NEP-141 token on NEAR, bridge it to Aurora, and then send it to unsuspecting victims on Aurora. Because the cross-chain bridge has an option to charge the recipient a fee in ETH, this would, as Aurora stated in its report, allow attackers to "essentially obtain ETH from Aurora addresses for free."
The second vulnerability is related to the burn function in the Aurora cross-chain bridge. Attackers could have created a "fake burn" on Aurora and used this false event to extract funds from the "locker on Ethereum."