White hat hackers paid DeFi’s largest reported bounty

(DeFi) Belt Finance, an automated market maker (AMM) protocol that runs a profit optimization strategy on Binance Smart Chain (BSC), claims to have paid the largest bounty in decentralized finance (DeFi) history to a white hacker who bought a $ 10 . prevented millions bug out of the crisis.

Whitehat industry programmer Alexander Schlindwein discovered a vulnerability in Belt Finance’s log this week and reported the news to the team. For his efforts, Schlindwein received generous compensation of $ 1.05 million, the majority of which ($ 1 million) from Immunefi, with an additional $ 50,000 from the First of Binance Smart Chain Preferred Program.

Immunefi is one of the market leaders in software security for crypto projects. Since its inception, the platform has reportedly paid over $ 3 million to white hackers who successfully identified technical infrastructure flaws in smart contracts and crypto platforms.

Priority One is a BSC initiative launched in July to strengthen dApp security within the platform’s native ecosystem. Reflecting the structure of Immunefi, the service offers a $ 10 million incentive fund to blockchain bounty hunters who successfully help prevent security breaches at 100 dApps.

Alexander Schlindwein told Cointelegraph how he discovered the weak point:

“I went through the list of bug rewards on Immunefi and chose Belt Finance as my next job. While researching their smart contracts, I noticed a potential flaw in their internal accounting that keeps track of each user’s deposited funds. Playing the pen and paper attack gave me more confidence in the existence of the bug. I went on to do a proof-of-concept fit that certainly confirmed its validity and economic damage. “

“The next step was to produce an official Immunefi report that included the PoC and a detailed description of the mining,” said Schlindwein, adding, “Immunefi responded immediately to the meaningful report and within three minutes of filing it he forwarded to the group belt. Shortly thereafter, Belt confirmed the validity of the report and began working on a fix that would then close the vulnerability. “

Related: Perfect Storm: DeFi Hacks Will Boost The Crypto Sector In The Future

While DeFi security breaches remain a common problem, some have argued that the nascent ecosystem would benefit from such incidents in the long term, as the weaknesses show.

Cointelegraph asked Schlindwein for his opinion on the importance of bounty programs in support of DeFi’s defragmentation ambitions:

“I firmly believe in the importance of bug bounties and initiatives like bounty funds. DeFi security spans many levels, starting with peer review and unit testing, through to external review and formal verification. Bug bounties are the last line of defense when a problem slips through the layers above, with the potential to prevent a devastating hack while instead seriously fixing the problem and compensating the finder. “

“Error rewards in DeFi were rare before Immunefi, which were only offered by the ‘Crème de la Crème’ projects. It’s great to see hundreds of projects launching their bug bounties today, which will definitely bring DeFi security in the long run, ”concludes Schlindwein.