{"id":346465,"date":"2021-09-30T15:55:00","date_gmt":"2021-09-30T12:55:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/white-hat-hacker-paid-defis-largest-reported-bounty-fee\/"},"modified":"2021-09-30T15:55:00","modified_gmt":"2021-09-30T12:55:00","slug":"white-hat-hacker-paid-defis-largest-reported-bounty-fee","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/white-hat-hacker-paid-defis-largest-reported-bounty-fee\/","title":{"rendered":"White hat hacker paid DeFi\u2019s largest reported bounty fee"},"content":{"rendered":"<p>&#8220;<strong>White hat hacker paid DeFi\u2019s largest reported bounty fee<\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDkvNjNlMjY5NGUtNjQ0NC00YTlmLWE5YjItMGIzM2FlZmM2ZGFjLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-128018ef>Belt Finance, an automated market maker (AMM) protocol operating a yield optimization strategy on Binance Smart Chain (BSC), claims to have paid the largest bounty in the history of decentralized finance (DeFi) to a white hat hacker who averted a $10-million bug crisis.\u00a0<\/p>\n<p>Industry white hat programmer Alexander Schlindwein discovered the vulnerability in Belt Finance\u2019s protocol this week and reported the news to the team. For his efforts, Schlindwein received a generous compensation of $1.05 million, the majority of which ($1 million) was granted by Immunefi, with the additional $50,000 offered by Binance Smart Chain\u2019s Priority One program. <\/p>\n<p>Immunefi is one of the market leaders in software security for cryptocurrency projects.
Since its inception, the platform has reportedly paid out in excess of $3 million to white hat hackers who have successfully identified technical infrastructure flaws in smart contracts and crypto platforms.<\/p>\n<p>Priority One is a BSC initiative launched in July to enhance the security of decentralized applications (DApps) within the platform\u2019s native ecosystem. Mirroring the structure of Immunefi, the service provides a $10-million incentive fund to blockchain bounty hunters who successfully contribute to the avoidance of security breaches across 100 DApps. <\/p>\n<p>Schlindwein told Cointelegraph about how he discovered the vulnerability:<\/p>\n<blockquote><p>\u201cI went through the list of bug bounties on Immunefi and picked Belt Finance as the next one to work on. While I was studying their smart contracts, I noticed a potential bug in the internal bookkeeping, which keeps track of each user\u2019s deposited funds. Playing the attack through with pen and paper gave me more confidence in the existence of the bug. I continued by producing a proper proof-of-concept [PoC] which undoubtedly confirmed its validity and economic damage.\u201d<\/p><\/blockquote>\n<p>\u201cThe next step was to create an official report on Immunefi including the PoC and an extensive description of the exploit,\u201d Schlindwein said, adding, \u201cImmunefi reacted immediately to the critical report, and within three minutes after submission, it was escalated to the Belt team.
Shortly after, Belt confirmed the validity of the report and began implementing a fix, which then patched the vulnerability.\u201d<\/p>\n<p><strong><em>Related:<\/em><\/strong> <strong><em>The perfect storm: DeFi hacks will advance the crypto sector moving forward<\/em><\/strong><\/p>\n<p>Although DeFi\u2019s security breaches remain a prevalent concern, it has been argued by some that the nascent ecosystem will benefit from such incidents in the long term, as areas of weaknesses are starkly highlighted.<\/p>\n<p>Cointelegraph asked\u00a0Schlindwein his perspective on the importance of bounty programs in supporting DeFi\u2019s antifragile ambitions:<\/p>\n<blockquote><p>\u201cI am strongly convinced of the importance of bug bounties and initiatives such as bounty funds. DeFi security consists of multiple layers, starting with peer review and unit testing to external audits and formal verification. Bug bounties are the last line of defense should an issue slip through the overlying layers with the potential to prevent a devastating hack while instead seriously fixing the issue and compensating the finder.\u201d<\/p><\/blockquote>\n<p>\u201cBug bounties in DeFi have been a rare sight before Immunefi existed, only offered by the \u2018Cr\u00e8me de la Cr\u00e8me\u2019 of projects. It\u2019s great to see hundreds of projects launching their bug bounty nowadays, which will certainly bring DeFi security forward in the long run,\u201d Schlindwein concluded.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/white-hat-hacker-paid-defi-s-largest-reported-bounty-fee\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;White hat hacker paid DeFi\u2019s largest reported bounty fee&#8221; Belt Finance, an automated market maker (AMM) protocol operating a yield optimization strategy on Binance Smart Chain (BSC), claims to have paid the largest bounty in the history of decentralized finance (DeFi) to a white hat hacker who averted a $10-million bug crisis.\u00a0
Industry&#8230;<\/p>\n","protected":false},"author":1,"featured_media":346466,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDkvNjNlMjY5NGUtNjQ0NC00YTlmLWE5YjItMGIzM2FlZmM2ZGFjLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74868,70944],"class_list":["post-346465","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-defi","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/346465","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=346465"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/346465\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/346466"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=346465"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=346465"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=346465"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}