Fantom Foundation awards $1.7M bounty for preventing $170M drain

In the aftermath of Fantom’s $550,000 hack in October, a security researcher found that the attacker could have stolen as much as $170 million.

The Fantom Foundation, a nonprofit organization developing the Fantom blockchain platform, has eliminated a significant vulnerability after a $550,000 hack in October.

On Oct. 17, the Fantom Foundation suffered a hot wallet hack, with an unknown attacker draining 1% of Fantom Foundation’s funds. The foundation subsequently stopped using some of the affected wallets, reassigning them to a Fantom employee, making it a “targeted attack.”

Following the incident, an unnamed security researcher found an additional potential risk associated with the hack and alerted the Fantom Foundation, according to a blog post on Nov. 20. The vulnerability was associated with a dormant admin token for Fantom’s ERC-20 FTM contract, which could potentially have allowed the attacker to mint a portion of Fantom (FTM) for themselves on Ethereum.

According to the Fantom Foundation, the discovered vulnerability could have allowed the hacker to drain $170 million using the wallet access. The organization said the value of the potential loss is based on the token price at the time of the hack, “though this estimate does not consider the market’s insufficient liquidity to absorb the tokens fully.”

The Fantom Foundation said that the vulnerability was “mitigated quickly,” and the organization awarded the unnamed researcher $1.7 million in recognition of the contribution. The announcement added:

“The Fantom Foundation is dedicated to upholding the highest security standards for our platform, and we remain grateful for the security researchers who contribute to this effort.”

The Fantom Foundation did not immediately respond to Cointelegraph’s request for comment.
