An immunefi researcher uncovered a security loophole in three Polkadot chains that hackers would have exploited to launch a cyberattack on the platform. A $1 million incentive was given to the researcher.
Possible Hack Exploitation Averted
An immunefi researcher uncovered a security flaw in the Polkadot block chain that hackers would have used to siphon over $100 million from three of its chains.
The researcher, Pwning.eth, identified this security flaw in June when the Polkadot blockchain released a new program for their three parachains. The report was sent immediately to immunefi, a bug discovery forum.
Immunefi issued a statement regarding the researcher’s discovery of a significant fault in the upgraded program supplied for the three chains on the Polkadot network. This discovery saved the network from an exploitation that might have resulted in a loss of more than $100 million.
This issue alone would have allowed hackers to mint more wrapped tokens, which they would have used for their own purposes.
Wrapping is a phenomenon in which tokens of a particle network or blockchain are converted into tokens which are given to the user and can be utilized on apps.
The Severeness Of The Bug
This security flaw on the three chains might have been exploited to mint a large number of wrapped tokens on the network and profit from their use in these apps. Moonbean, Astar, and Moonriver were the three chains affected.
If this gap had been discovered by a hacker, the total projected amount of tokens exploited would have been over $100 million drained from the three chains, but thanks to the researcher, this was avoided.
After this discovery was reported to immunefi, the platform notified Polkadot, and the Polkadot team worked to remedy this flaw while also offering an immediate interim fix to prevent any hacker from taking advantage of this opportunity to attack, while they worked on a more permanent and effective repair.
Moonbeam and Aster granted this honest researcher a $1 million bounty for this finding, with additional funds given by unaffected firms.
Pwning.eth has detected bugs on platforms before; in 2022, he was given $6 million for discovering a bug on the Aurora chain.