Aurora Labs Pays $2M to Hackers Who Found Two Vulnerabilities

Reading Time: < 1 minute

The Aurora Labs team received in June two bug reports with critical vulnerabilities identified. The company paid the maximum rewards to the authors of the reports, which is $1 million each in Aurora (AURORA) tokens.

According to the company developers, the first vulnerability concerns the logic of the NEAR Rainbow Bridge cross-chain bridge for transferring assets between Ethereum and Aurora via NEAR. A hacker could trick the Aurora Engine into generating a fake token burn proof, provide it to the bridge, and steal the funds from the vault.

Aurora Labs has banned the Aurora Engine from outputting data that looks like burn proof. The team continues to work on a long-term and more robust proof of balance solution.

The second vulnerability is related to the transfer of tokens from Ethereum to Aurora. The attacker could send wrapped tokens to the recipient and charge the recipient up to 18.4 ETH.

Follow and like us on

OpenSea Announces it Will Not Support Potential Ethereum Forks

US Requests Binance CEO Records in Relation to Money Laundering Case

Related Posts