DeFi’s largest reported bounty payment was paid to a white hat hacker

Cointelegraph spoke with the hacker to get his perspective on the events and the wider implications of bounty programs for DeFi’s security.

Belt Finance, an automated market maker (AMM) protocol that uses a yield optimization strategy on Binance Smart Chain (BSC), claims it has paid the largest bounty in decentralized finance (DeFi) history to a whitehat hacker who prevented a $10 million bug crisis.

Alexander Schlindwein, a whitehat programmer in the industry, discovered the vulnerability in Belt Finance’s protocol and reported it to the team. Schlindwein was awarded a generous $1.05 million compensation for his efforts. The majority ($1 million) was given by Immunefi, with the additional $50,000 provided by Binance Smart Chain’s Priority One Program.

Immunefi is a market leader in software security for cryptocurrency projects. The platform has paid out more than $3 million to whitehat hackers since its inception. Priority One is a BSC initiative that was launched in July to improve the security of dApps within the platform’s ecosystem. The service offers a $10 million incentive to blockchain bounty hunters who contribute to the prevention of security breaches across 100 of its dApps. It mirrors the structure of Immunefi.

Alexander Schlindwein shared his story with Cointelegraph:

“I went through the list of bug bounties on Immunefi, and chose Belt Finance as the next project to work on. While I was looking at their smart contracts, I noticed a possible bug in their internal bookkeeping that keeps track of each user’s deposited funds. I was more confident in the existence and validity of the bug after playing the attack with pen and paper. I produced a proof-of-concept, which undoubtedly confirmed its economic validity.”

Schlindwein added, “The next step was to create an official report on Immunefi, including the PoC and an extensive description of the exploit.
“Immunefi immediately responded to the critical report, and it was escalated to Belt within three minutes. Soon after, Belt confirmed that the report was valid and began to implement a fix.”

Although DeFi’s security breaches remain a prevalent concern, some have argued that the nascent ecosystem will benefit from such incidents in the long term, as areas of weakness are starkly highlighted.

Cointelegraph asked Schlindwein for his perspective on the importance of bounty programs in supporting DeFi’s antifragile ambitions:

“I am strongly convinced of the importance of bug bounties and initiatives such as bounty funds. Security in DeFi is multilayered. It includes peer review, unit testing, external audits, and formal verification. Bug bounties are the last line to defend against an issue that slips through the layers. They can prevent a catastrophic hack and instead fix the issue and compensate the finder. It’s wonderful to see so many projects launching bug bounties today, which will definitely bring DeFi security forward over the long term,” Schlindwein said.
