Aurora Labs paid white hackers $2 million for bugs found
The project team began working on a long-term and reliable solution to the problems
04.09.2022 - 07:30
805
1 min
0
What’s new? In June, the Aurora Labs team received two reports containing information on the identified critical vulnerabilities. The company paid the authors of these reports remunerations of $1 million each in Aurora tokens (AURORA). Information about this appeared on the team’s blog.
What did the white hackers discover? They discovered the first vulnerability in the operation of the cross-chain bridge, NEAR Rainbow Bridge, to transfer funds between Ethereum and Aurora with NEAR. According to white hackers’ theory, an attacker could force the Aurora Engine to create a fake proof of token burning, provide it to the bridge, and withdraw funds from the vault. The project team has begun working on a long-term, reliable solution based on proof of state.
White hackers also found a vulnerability related to token transfer from Ethereum to Aurora. According to them, the attackers could have sent the recipient wrapped tokens and charged a fee of up to 18,4 ETH.
What is known about Aurora? It is an EVM blockchain based on the NEAR protocol, which is being developed by Aurora Labs. The platform provides developers with a ready-made solution for running their applications on an Ethereum-compatible, high-performance, scalable and secure platform.
Earlier, white hackers returned about $9 million in cryptocurrency to a blockchain address belonging to Nomad’s cross-chain protocol. On August 2, Nomad underwent an exploit, during which white hackers withdrew part of the funds in order to protect them from theft.
Useful material?
Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Telegram
Twitter