- Sky Mavis is offering a $1 million bug bounty for those who can identify “fatal” flaws in the code
- This has of course already been done by a hacker, who stole $540 million from the company’s Ronin network two weeks ago
- This late-stage bug bounty has caused mirth in the crypto community
Sky Mavis, the company behind the Axie Infinity game, is offering a $1 million bug bounty on its code two weeks after it was hit by a $540 million hack. The bounty, which is the epitome of the term ‘closing the stable door after the horse has bolted’, will reward bug hunters across five severity tiers, ranging from $1,000 for “low” risk findings to $1,000,000 for “fatal” ones. That is knowledge Sky Mavis really could have done with two weeks ago, before its bridge was hacked.
Post-hack Bug Bounty Raises Eyebrows
The bug bounty was announced by Sky Mavis COO Aleksander Larsen, who invited bug hunters to “Help us keep @Ronin_Network secure while earning a bounty”, phrasing that suggests it was secure to begin with. The irony of offering a bug bounty after your platform has been stiffed for over half a billion dollars wasn’t lost on some:
Ahahahah that is the funny thing XD
— Easa (@_Easaaa_) April 12, 2022
Lol AFTER a 600 million hack… should have been done BEFORE lol
— fredhead (@fredhead___) April 12, 2022
The web page for the bug bounty notes that “Sky Mavis recognizes the importance and value of security researchers’ efforts in helping keep our community safe”, raising questions about whether it has always felt this way, and if so, just how much importance it has placed on them in the very recent past.
Sky Mavis Bug Bounty Paid in AXS
The post added that “it is possible that extraordinarily severe issues or those with extreme impact may be rewarded up to $1,000,000” from the bug bounty, with potential for “an additional reward bonus for exceptional reports”, all at Sky Mavis’ discretion.
It isn’t all good news for white hat hackers, however – all rewards are paid out in AXS tokens, with a six-month vesting period for the big bounties. Nothing like seeing your $1 million bonus cut in half because Bitcoin dumps.