White Hat Hacker Paid $1 Million in Bounty Fee

Reading Time: 2 minutes
  • Belt Finance has paid over $1 million to a white hat hacker who discovered a critical vulnerability in its protocol.
  • This is the largest bounty in the history of decentralized finance (DeFi).
  • Bug bounty programs help reduce DeFi security exploitations.

Belt Finance has reportedly paid over $1 million to a white hat hacker who discovered a critical vulnerability in the protocol. The project claims that the vulnerability could have put over $10 million of capital at risk.

Belt Finance, a stableswap automated market maker (AMM) protocol with multi-strategy yield optimizing on Binance Smart Chain, claims to have compensated a white hat hacker $1,050,000. Ostensibly, this is the largest bounty in the history of decentralized finance (DeFi) ever paid to a security expert.

Alexander Schlindwein, a crypto bug bounty hunter, identified a vulnerability in Belt Finance’s protocol and informed the team. In exchange, Immunefi, a leading bug bounty platform, paid Schlindwein $1 million. Binance Smart Chain’s Priority One program also granted Schlindwein $50,000 for his efforts.

Schlindwein told his story in an interview with Cointelegraph. “I went through the list of bug bounties on Immunefi and picked Belt Finance as the next one to work on. While I was studying their smart contracts, I noticed a potential bug in the internal bookkeeping, which keeps track of each user’s deposited funds,” he said, adding:

Playing the attack through with pen and paper gave me more confidence in the existence of the bug. I continued by producing a proper proof-of-concept [PoC] which undoubtedly confirmed its validity and economic damage.

Bounty Programs to the Rescue

2021 has seen a number of hacks and exploitations of DeFi protocols. Just recently, DeFi protocol Vee Finance witnessed a hack that resulted in the loss of $35 million worth of BTC and ETH. Prior to that, on August 10, Poly Network was exploited for over $600 million, marking the largest hack in DeFi history.

In mid-July, the FBI even warned cryptocurrency users and exchange operators over a possible rise in hacking activity. Back then, the enforcement agency asked everyone in crypto to be more vigilant and watchful of suspicious activities.

Despite all the measures taken, DeFi’s security breaches remain a widespread concern. However, bug bounty programs can now help alleviate part of the problems. Schlindwein said:

I am strongly convinced of the importance of bug bounties and initiatives such as bounty funds. DeFi security consists of multiple layers, starting with peer review and unit testing to external audits and formal verification. Bug bounties are the last line of defense should an issue slip through the overlying layers with the potential to prevent a devastating hack while instead seriously fixing the issue and compensating the finder.

Moreover, it is becoming increasingly hard to launder stolen funds from DeFi protocols, as seen in the Poly Network attack. Therefore, by joining bounty programs, hackers can still use their talent but in a good way.