Reserved IP Address°C
04-26-2025
BSV
$44.39
Vol 461.01m
32.13%
BTC
$94598
Vol 36218.45m
1.33%
BCH
$372.79
Vol 327.24m
3.58%
LTC
$86.85
Vol 400.33m
3.26%
DOGE
$0.18
Vol 2124.04m
2.87%
Getting your Trinity Audio player ready...

The bZx team was able to track down the individual who allegedly exploited the platform for $8.1 million on September 13.

https://twitter.com/bZxHQ/status/1305496675474006017

bZx was able to identify the attacker by tracing their on-chain activity. Upon being identified, the attacker returned the funds to bZx. Although the hacker has been identified and the funds have been returned, the bZx team refuses to reveal the attacker’s identity for legal reasons.

The bZx bug bounty

In addition to the attacker returning funds, there was a significant amount of trouble between the bZx team, and the lead engineer at Bitcoin.com, Marc Thalen, the individual who reported the attack vector to bZx before the $8.1 million exploit took place.

At the time of the attack, Thalen posted on Twitter, creating a paper trail of evidence that proves that he was the individual who identified the bug in bZx protocol. Thalen says he created the paper trail because, “far too often teams do not pay out their bounties even though in this scenario the amount at risk was very substantial.”

And just as Thalen expected, he had trouble when it came to receiving a proper payout for identifying the bug. bZx told Thalen that their “independent security panel” reviewed Thalen’s submission and determined that the bug he found was worth a $12,500 payout. Unfortunately, that number does not resemble the numbers that bZx has listed on their bug bounty payout schedule considering how severe the bug Thalen found turned out to be and the impact the bug had on bZx.

“bZx just mentioned on a call it doesn’t feel like it’s worth more than 12.5k as their “independent” panel decided to and they feel like sticking to it. They are not willing to disclose identities of the panel,” said Thalen. “[I’m] really disappointed in bZx.”

But after voicing his thoughts on the bounty payment, continuing the paper trail on Twitter, and a phone call with bZx, the independent security panel decided to pay Thalen a more appropriate sum of $45,000.

“BZX decided to higher the bounty and paid me out,” said Thalen. “I was just paid $45.000 in USDC. Happy to come to a conclusion. I wish the team all the best with their platform and hope that they will incentivise bounty hunters to keep finding bugs.”

Recommended for you

Binance shores up compliance gaps in South Africa
Binance said that users must now provide the details of senders and beneficiaries when depositing or withdrawing tokens amid rising...
April 25, 2025
Bitails stress tests BSV with 3B UTXOs—how robust is it?
The tests, which began just over a week ago, are designed to validate upgrades to Bitails' infrastructure and codebase, as...
April 25, 2025
Advertisement
Advertisement
Advertisement