As a seasoned Web3 security researcher with years of experience under my belt, I can confidently say that the recent $150,000 bounty reward earned by pseudonymous Spearbit researcher “jayjonah.eth” is a testament to the power of thorough documentation reading and relentless curiosity. In my journey, I’ve found that critical bugs often hide in plain sight, and sometimes, they are as simple as a misplaced comma or an overlooked account in the project documents.
A Web3 security researcher earned a bounty reward of $150,000 by reading the Cosmos Network documentation and finding a critical bug that could halt the Evmos blockchain and all decentralized applications (DApps) built on it.
The pseudonymous Spearbit researcher known as “jayjonah.eth” was awarded $150,000 for discovering a weakness in the Evmos blockchain. This discovery was made through the Evmos Bug Bounty Program, an initiative that started in November 2022 and rewards researchers for finding vulnerabilities within the system.
In a blog post on October 28th, he described coming across the concept of “module accounts” in the Cosmos documentation. This term refers to specific types of accounts within the Cosmos system that are used for executing certain functions or transactions.
“If these addresses (module accounts) receive funds outside the expected rules of the state machine, invariants are likely to be broken and could result in a halted network.”
Crash-testing Evmos blockchain based on Cosmos documentation
To test the theory, the security researcher tried sending funds to the module account in a test environment and reported:
“At this point, no more blocks are being produced and the chain has completely halted. This breaks the Evmos blockchain and all the DApps built on it.”
He revealed that the Evmos team fixed the bug before the information was made public.
In summary, the researcher received top compensation for discovering a crucial software glitch. Notably, jayjonah.eth emphasized that security analysts should carefully review project documentation, as sometimes the most significant issues can be surprisingly straightforward.
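The failure mode quoted above, as an added example (not code from the Cosmos SDK, Evmos, or the researcher's post): a toy Go state machine in which a module keeps its own record of its module account's balance, so a plain transfer to that account breaks the invariant and block production stops. `Chain`, `ModuleAddr` and the method names are hypothetical, and the `Blocked` recipient list is an assumed mitigation for illustration; the page does not describe the actual fix.

```go
package main

import (
	"errors"
	"fmt"
)

const ModuleAddr = "module:pool" // hypothetical module account name

var ErrBlocked = errors.New("recipient is a blocked module account")

// Chain is a toy state machine, not Cosmos SDK or Evmos code.
type Chain struct {
	Balances map[string]int64 // bank ledger
	Blocked  map[string]bool  // recipients refused for plain user sends
	Tracked  int64            // module's own record of its account balance
}

// move validates and applies a transfer, adding tracked to the module's record.
func (c *Chain) move(from, to string, amt, tracked int64) error {
	if amt <= 0 || c.Balances[from] < amt {
		return errors.New("invalid amount or insufficient funds")
	}
	c.Balances[from] -= amt
	c.Balances[to] += amt
	c.Tracked += tracked
	return nil
}

// Send is a plain user transfer; it never updates module bookkeeping.
func (c *Chain) Send(from, to string, amt int64) error {
	if c.Blocked[to] {
		return ErrBlocked
	}
	return c.move(from, to, amt, 0)
}

// Deposit is the module's own message: funds and bookkeeping move together.
func (c *Chain) Deposit(from string, amt int64) error { return c.move(from, ModuleAddr, amt, amt) }

// EndBlock reports whether a block is produced: only while the module account's
// bank balance equals the module's own record (the invariant).
func (c *Chain) EndBlock() bool { return c.Balances[ModuleAddr] == c.Tracked }

func main() {
	c := &Chain{Balances: map[string]int64{"alice": 100}, Blocked: map[string]bool{}}
	fmt.Println(c.Deposit("alice", 10), c.Send("alice", ModuleAddr, 1), c.EndBlock())
}
```

With `Blocked[ModuleAddr]` set to `true`, the same `Send` is rejected with `ErrBlocked` and `EndBlock` keeps returning `true`.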
Apart from aiding projects in reducing the chance of cyber-assaults, bug bounty programs serve another purpose: they help decrease potential damages that might occur during a hacking incident.
Hacker negotiates bug bounty with Shezmu protocol
In September, yield protocol Shezmu managed to retrieve around $5 million worth of stolen cryptocurrency by negotiating with a hacker and ultimately agreeing to meet their increased reward requirement.
Originally, Shezmu offered the hacker a 10% reward in an on-chain message, asking them to return 90% of the stolen assets within a day.
Instead, the hacker asked for a 20% share of the stolen assets as a reward, a request that was granted by the protocol, leaving them with the rest of the stolen money.
2024-10-29 14:34